- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 25 Jun 2013 19:31:42 +0900
- To: WebAppSec WG <public-webappsec@w3.org>
Why does https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#reporting use a different algorithm to derive an origin from a URL? Also, it seems somewhat confusing to have this new origin type, actual origins, and URLs, in the same value space. Even though the property says "blocked-uri" you wouldn't be able to parse it with a URL parser and get a sensible result. -- http://annevankesteren.nl/
Received on Tuesday, 25 June 2013 10:32:16 UTC