Re: Beacon and CSP

On Wed, Jan 15, 2014 at 7:16 PM, Ian Melven <> wrote:

> Should this POST request be possibly restricted by CSP and if so which
> directive would apply ? I would
> propose "yes, CSP should apply, using connect-src" as a strawman. I know
> others may disagree, see
> for some examples
> :)

I'd talked with Mario about this at some point in the past, and suggested
`form-action` for both <a ping> and Beacon. I'd be fine with `connect-src`
as well.

Generally, I agree that both ought to be goverened by CSP. Beacon much
moreso than <a ping>.


Received on Thursday, 16 January 2014 08:58:31 UTC