W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2014

Re: Remove paths from CSP?

From: Eduardo' Vela\ <evn@google.com>
Date: Wed, 12 Feb 2014 00:33:28 -0800
Message-ID: <CAFswPa8euYXEh-ijjXdivgrjqSNp+K+K-GEq2XMTRGEK5N5oUA@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Daniel Veditz <dveditz@mozilla.com>, Garrett Robinson <grobinson@mozilla.com>, Brad Hill <bhill@paypal-inc.com>, Michal Zalewski <lcamtuf@google.com>, Odin Hørthe Omdal <odinho@opera.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Adam Barth <w3c@adambarth.com>
Well, we won't be able to use CSP in Google since we (unfortunately) serve
static JS APIs from www.google.com (which also has a lot of JSONP-like

These are also public APIs, so our users of such APIs won't be able to
adopt CSP either.
Received on Wednesday, 12 February 2014 08:33:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:37 UTC