W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2013

Re: Cookieless cross-origin violation reports.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 6 May 2013 09:50:34 -0700
Message-ID: <CADnb78ids7BzTGJEtVBDubzn8+radwJ3xvALEHNiuzSgwn2rtQ@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Sun, May 5, 2013 at 2:42 AM, Mike West <mkwst@google.com> wrote:
> Consistent with the conversation in April's F2F, I've changed the 1.1 spec
> to require that cross-origin violation reports are sent without cookies:
> https://dvcs.w3.org/hg/content-security-policy/rev/788b0b653c39
>
> I believe we'd reached consensus on that point, but I might have missed some
> nuance over the phone. I'm happy to revert if there are objections.

The intranet concern was not considered problematic?


--
http://annevankesteren.nl/
Received on Monday, 6 May 2013 16:51:04 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC