
Re: Include page http response code in CSP reports?

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 27 Mar 2013 07:56:49 +0100
Message-ID: <51529831.3020402@gmx.de>
To: Anne van Kesteren <annevk@annevk.nl>
CC: Mike West <mkwst@google.com>, Neil Matatall <neilm@twitter.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

On 2013-03-26 23:11, Anne van Kesteren wrote:
> On Tue, Mar 26, 2013 at 10:08 PM, Mike West <mkwst@google.com> wrote:
>> I can't come up with any clever exploits that would be caused by sending the
>> response code of the protected resource (perhaps as "document-status" next
>> to "document-uri"?), and there's apparently some marginal value to adding
>> it. That doesn't mean there aren't any, however...
> Fly-by-comment, can we still rename those to "-url"? The whole
> platform uses URL, not URI...

I beg to differ.
Received on Wednesday, 27 March 2013 06:57:19 UTC
