- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 12 Mar 2013 12:12:36 +0000
- To: WebAppSec WG <public-webappsec@w3.org>
Rather than returning an empty HTTP 400 response, CSP should act as if there was a network error. That would be much more consistent with error handling we've used elsewhere in the platform. E.g. if CORS goes wrong, you'll get a network error. FWIW, http://html5.org/temp/fetch.html is the start of drafting the fetching model the platform uses and I think once it's a bit more mature we should start providing explicit hooks for CSP in it so the whole model becomes tightly integrated and you don't have to look in various places to see what actually happens when a resource is being fetched. -- http://annevankesteren.nl/
Received on Tuesday, 12 March 2013 12:13:09 UTC