Apologies for not replying more fully before. I've spent some time putting my thinking on this in blog-post form: http://infrequently.org/2013/05/use-case-zero/ On Saturday, April 27, 2013, Adam Barth wrote: > Alex, would you be willing to share the specific use cases you have in > mind? We just want to make sure there are solid use cases for the > features in the spec. > > Adam > > > On Sat, Apr 27, 2013 at 11:31 AM, Alex Russell <slightlyoff@google.com> > wrote: > > I object to these changes in the strongest possible terms. If it is not > > possible to implement CSP policy enforcement on top of your API, it is > not > > sufficient. > > > > On Apr 27, 2013 5:46 PM, "Adam Barth" <w3c@adambarth.com> wrote: > >> > >> As discussed at the face-to-face meeting, I've trimmed the > >> SecurityPolicy DOM interface to just the first four attributes: > >> > >> https://dvcs.w3.org/hg/content-security-policy/rev/f338192860c5 > >> > >> At the meeting, we discussed that these attribute have strong use > >> cases, but we couldn't think of any strong use cases for the remaining > >> DOM interfaces. > >> > >> If folks come up with strong use cases, we should consider adding back > >> the removed interfaces (or adding new interfaces that better address > >> those use cases). > >> > >> Note: At the face-to-face, we discussed making some of these attribute > >> writable in some circumstances, but I haven't made that change yet > >> because it probably deserves more discussion. > >> > >> Adam > >> > > >
Received on Friday, 24 May 2013 17:03:12 UTC