W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2014

CSP, Fetch, and frame-ancestors

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 24 Apr 2014 17:32:22 +0200
Message-ID: <CADnb78hvUGoBy0fJfeOST3Bw=h9TF8SikwsbA8jm+83FreSS3A@mail.gmail.com>
To: WebAppSec WG <public-webappsec@w3.org>
It's not entirely clear to me how we should model this directive.
http://fetch.spec.whatwg.org/#concept-fetch has a placeholder hook for
CSP now. And as I mentioned before I added request contexts and a link
back to the global environment. Do we also need a pointer to the API
responsible for the fetch? We might need it for priorities in HTTP/2.0
I believe... But maybe there's a better way for this directive?

Received on Thursday, 24 April 2014 15:32:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC