
Cookieless cross-origin violation reports.

From: Mike West <mkwst@google.com>
Date: Sun, 5 May 2013 11:42:21 +0200
Message-ID: <CAKXHy=esSsXegUQXd4YrH9hrR9EHte2V+-zNhfwfMUONbyrrGQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

Consistent with the conversation in April's F2F, I've changed the 1.1 spec
to require that cross-origin violation reports are sent without cookies:
https://dvcs.w3.org/hg/content-security-policy/rev/788b0b653c39

I believe we'd reached consensus on that point, but I might have missed
some nuance over the phone. I'm happy to revert if there are objections.

--
Mike West <mkwst@google.com>, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Received on Sunday, 5 May 2013 09:43:09 UTC
