Small, non-normative changes to CSP 1.1 from Mike West on 2013-01-29 (public-webappsec@w3.org from January 2013)

From: Mike West <mkwst@google.com>
Date: Tue, 29 Jan 2013 22:58:27 +0100
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKXHy=cmM-587B-iW7n7+Jt-5LeMT70kynt8DkerPqaJxRY=SA@mail.gmail.com>

In the true spirit of doing everything at the last moment, I've crammed two
non-normative changes in before the call:

https://dvcs.w3.org/hg/content-security-policy/rev/3affa0c38706 addresses
ACTION-94 by noting that the script interface that's currently defined in
CSP 1.1 only gives insight into the policy, not into the general
accessibility of a URL (same-origin policy, cors, etc.

https://dvcs.w3.org/hg/content-security-policy/rev/748bf7da3690 addresses
ACTION-106 by giving an example of how multiple policies would be enforced.

Comments and feedback on both is encouraged.

--
Mike West <mkwst@google.com>, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Received on Tuesday, 29 January 2013 21:59:15 UTC