Re: CSP: connect-src from Anne van Kesteren on 2013-06-20 (public-webappsec@w3.org from June 2013)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 20 Jun 2013 16:20:05 +0900
To: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CADnb78jYwNZEM14zyF00L-B3HaXexSfYfMJJnvv_5S9ZcdT9Ow@mail.gmail.com>

On Thu, Jun 20, 2013 at 4:16 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> What it says about XMLHttpRequest is wrong. Fetching happens after
> send() is invoked (or during for synchronous requests).

Also, grouping WebSocket into this seems somewhat weird as WebSocket
does something different from fetching. And XMLHttpRequest/EventSource
are not too different from what <img> can do.

What were the criteria used for this?

I'm trying to make sense of http://wiki.whatwg.org/wiki/Contexts (and
improve it) for eventual convergence between CSP and Fetch.

--
http://annevankesteren.nl/

Received on Thursday, 20 June 2013 07:20:32 UTC