W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

[CSP3] Allow plugin-types "none"

From: Craig Francis <craig@craigfrancis.co.uk>
Date: Tue, 30 Dec 2014 18:30:25 +0000
Message-Id: <2794F37C-9704-491D-B338-94DE7356F86A@craigfrancis.co.uk>
To: public-webappsec@w3.org

In regards to the plugin-types:


Google Chrome (v40) complains if you set 'none' for the plugin-types directive (or leave it blank).


I would personally prefer to have this option, so the default for the website is to always return 'none', then plugin-types can be set as needed (along with the object-src).

Received on Tuesday, 30 December 2014 18:30:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:44 UTC