W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2013

CSP: origin from a URL

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 25 Jun 2013 19:31:42 +0900
Message-ID: <CADnb78hh=mqJEdHvnjoOF7FfUFp2pxmgkxQc_9VsrpeJF9-isQ@mail.gmail.com>
To: WebAppSec WG <public-webappsec@w3.org>
Why does https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#reporting
use a different algorithm to derive an origin from a URL? Also, it
seems somewhat confusing to have this new origin type, actual origins,
and URLs, in the same value space. Even though the property says
"blocked-uri" you wouldn't be able to parse it with a URL parser and
get a sensible result.

Received on Tuesday, 25 June 2013 10:32:16 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:33 UTC