CSP - matching a URI against a source expression with no scheme from Janusz Majnert on 2013-03-13 (public-webappsec@w3.org from March 2013)

From: Janusz Majnert <jmajnert@gmail.com>
Date: Wed, 13 Mar 2013 10:37:52 +0100
To: public-webappsec@w3.org
Message-ID: <CAOeF0ewjUi=kTq9pcQoFNMD=ATL7ne1vxigwgVoNRKvUX=n0zQ@mail.gmail.com>

Hi,
If I understand correctly, matching the URI:
"http://example.com/resource1" against the source expression
"example.com" shall return a positive match?

I would also like to ask for a clarification on point 3.4 of the
matching algorithm (http://www.w3.org/TR/CSP/#matching):
"uri-scheme" is the scheme part of the URI (according to point 3.2),
why should it be compared to the scheme of the URI it was derived
from? Or is "protected resource's URI" different from the URI being
matched?

Regards,
Janusz Majnert

Received on Wednesday, 13 March 2013 09:38:24 UTC