Re: Remove paths from CSP?

On Wed, Feb 12, 2014 at 10:21 AM, Mike West <> wrote:
> Happily, I'm not on Google's infra security team, so I can suggest that
> Google should be more careful about a) scoping APIs to origins, and b) not
> allowing arbitrary callbacks, while remaining blissfully unaware of the work
> that would be involved in doing so. :)

Given CORS using JSONP seems bad. Are there still too many legacy user agents?


Received on Wednesday, 12 February 2014 10:40:46 UTC