- From: Fred Andrews <fredandw@live.com>
- Date: Fri, 7 Feb 2014 07:31:42 +0000
- To: Web Application Security Working Group <public-webappsec@w3.org>
Received on Friday, 7 February 2014 07:32:09 UTC
> * Hill, Brad wrote: > > There is also the unfortunate reality that the original text cannot advance beyond Candidate Rec anyway, because no user agent has successfully implemented it. So it is living on borrowed time wrt the W3C process anyway. The text was added in part as a resolution of a dispute over CSP privacy issues. It seems that the technical issues have not been solved, and the UA vendors have not followed though with the commitments made, and this changes the landscape so I reopen the dispute. I would like the CSP to be amended to note that the sending of CSP reports is optional in a conforming implementation and that the UA should expect a website to supply a useful CSP that does not depend on the website implementing an overly broad CSP and analyzing the reports. cheers Fred
Received on Friday, 7 February 2014 07:32:09 UTC