CSP: origin from a URL from Anne van Kesteren on 2013-06-25 (public-webappsec@w3.org from June 2013)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 25 Jun 2013 19:31:42 +0900
To: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CADnb78hh=mqJEdHvnjoOF7FfUFp2pxmgkxQc_9VsrpeJF9-isQ@mail.gmail.com>

Why does https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#reporting
use a different algorithm to derive an origin from a URL? Also, it
seems somewhat confusing to have this new origin type, actual origins,
and URLs, in the same value space. Even though the property says
"blocked-uri" you wouldn't be able to parse it with a URL parser and
get a sensible result.


--
http://annevankesteren.nl/

Received on Tuesday, 25 June 2013 10:32:16 UTC