Re: Cookieless cross-origin violation reports.

On Sun, May 5, 2013 at 2:42 AM, Mike West <mkwst@google.com> wrote:
> Consistent with the conversation in April's F2F, I've changed the 1.1 spec
> to require that cross-origin violation reports are sent without cookies:
> https://dvcs.w3.org/hg/content-security-policy/rev/788b0b653c39
>
> I believe we'd reached consensus on that point, but I might have missed some
> nuance over the phone. I'm happy to revert if there are objections.

The intranet concern was not considered problematic?


--
http://annevankesteren.nl/

Received on Monday, 6 May 2013 16:51:04 UTC