W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2013

Re: CSP: connect-src

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 20 Jun 2013 16:20:05 +0900
Message-ID: <CADnb78jYwNZEM14zyF00L-B3HaXexSfYfMJJnvv_5S9ZcdT9Ow@mail.gmail.com>
To: WebAppSec WG <public-webappsec@w3.org>
On Thu, Jun 20, 2013 at 4:16 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> What it says about XMLHttpRequest is wrong. Fetching happens after
> send() is invoked (or during for synchronous requests).

Also, grouping WebSocket into this seems somewhat weird as WebSocket
does something different from fetching. And XMLHttpRequest/EventSource
are not too different from what <img> can do.

What were the criteria used for this?

I'm trying to make sense of http://wiki.whatwg.org/wiki/Contexts (and
improve it) for eventual convergence between CSP and Fetch.

Received on Thursday, 20 June 2013 07:20:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:33 UTC