W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2013

Re: broadening default-src semantics

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Fri, 31 May 2013 19:45:16 -0700
Message-ID: <CAPfop_3vd2QVjF+Osvc76YO0Jby3R7H3+KWdd5sf-U=aUTgc3A@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: Yehuda Katz <wycats@gmail.com>, public-webappsec@w3.org
>> It would be better if it was spec'ed as covering all network requests,
>> period.

What does "all network requests" or the broader "all resource loads"
cover? links ? window.open? refresh via the meta header? csp reports?

Or do you mean "secondary resource loads"?

FWIW, I wouldn't mind if it covers everything above, but I am not sure
browsers are willing to consider such a design.

Received on Saturday, 1 June 2013 02:46:07 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC