- From: Brad Hill <hillbrad@gmail.com>
- Date: Tue, 3 Dec 2013 22:15:10 -0800
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Wednesday, 4 December 2013 06:15:37 UTC
As I was thinking about the frame-src, worker-src stuff, I remembered: A last year's TPAC in Lyon, we had Jonas Sicking visit us, and came to rough consensus at his suggestion that, if font-src wasn't explicitly specified, it should take the value of style-src, if specified, before it takes the value of default-src. I notice this isn't in the current 1.1 draft. Did this just get forgotten along the way because we forgot to track an action for it, or was it deliberately rejected? (it would've been the first and only multiply-cascaded directive) Would anybody like to jog my memory, or give their $0.02 on the matter today? -Brad
Received on Wednesday, 4 December 2013 06:15:37 UTC