Re: Behavior when default-src is missing from a CSP

From: Mike West <mkwst@google.com>
Date: Thu, 10 Oct 2013 13:56:09 +0200
Message-ID: <CAKXHy=c4tBA8XY8dks5S=iX+eDrk7dwBRmX7n4sBi2CK5aV9dA@mail.gmail.com>
To: Neil Matatall <neilm@twitter.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

On Thu, Oct 10, 2013 at 1:25 AM, Neil Matatall <neilm@twitter.com> wrote:

> Ian pointed out that this only happens with the X- header on Firefox.
> However, it still appears to be undefined in the spec.
>

Not anymore: https://dvcs.w3.org/hg/content-security-policy/rev/b7108185b416 :)

-mike
Received on Thursday, 10 October 2013 11:56:58 UTC