- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 24 Jan 2014 11:41:32 -0800
- To: Mike West <mkwst@google.com>
- Cc: Boris Zbarsky <bzbarsky@mit.edu>, WebAppSec WG <public-webappsec@w3.org>
On Fri, Jan 24, 2014 at 1:47 AM, Mike West <mkwst@google.com> wrote:
> Great. What can we do to help?

I think I have to do the first step. My idea for the interface based on discussion with Adam Barth a long time ago is that you pass the CSP source and CSP policy to fetch. (You need to pass both since fetch has no link with the document and the policy might change if we allow programmatic access in the future.) And then fetch invokes a "CSP check" with the appropriate data. CSP check would be defined in CSP. If CSP check returns failure, fetch returns a network error. Otherwise we carry along as before.

--
http://annevankesteren.nl/
Received on Friday, 24 January 2014 19:42:01 UTC
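
The hand-off described in the message above, as an added toy model that is not part of the original message and not code from the Fetch or CSP specifications. Every function name is hypothetical, "CSP source" is assumed to mean the directive that governs the request, and the check only understands `'self'`, `*` and exact origins.

```javascript
// Added illustration; every name below is hypothetical, not a Fetch or CSP API.

// Simplified "CSP check", which the message says CSP would define.
// Only 'self', * and exact-origin sources are modelled (an assumption).
function cspCheck(url, directive, policy, selfOrigin) {
  const sources = policy[directive] ?? policy["default-src"];
  if (sources === undefined) return "allowed"; // nothing governs this request
  const origin = new URL(url).origin;
  const match = sources.some((s) =>
    s === "*" || (s === "'self'" && origin === selfOrigin) || s === origin);
  return match ? "allowed" : "failure";
}

// Caller side: copy the policy now, because fetch cannot look it up later.
function createRequest(url, directive, documentPolicy, selfOrigin) {
  const policy = {};
  for (const [name, list] of Object.entries(documentPolicy)) policy[name] = [...list];
  return { url, directive, policy, selfOrigin };
}

// Fetch side: run the check and turn a failure into a network error.
function modelFetch(request) {
  const { url, directive, policy, selfOrigin } = request;
  if (cspCheck(url, directive, policy, selfOrigin) === "failure") {
    return { type: "error", status: 0 };
  }
  return { type: "basic", status: 200, url }; // stand-in for the real network fetch
}

function demo() {
  // Constructed sample origin, policy and URLs.
  const self = "https://app.example";
  const documentPolicy = {
    "default-src": ["'self'"],
    "img-src": ["'self'", "https://cdn.example"],
  };
  const img = createRequest("https://cdn.example/logo.png", "img-src", documentPolicy, self);
  const script = createRequest("https://cdn.example/lib.js", "script-src", documentPolicy, self);
  // A later programmatic change must not affect requests already created.
  documentPolicy["img-src"] = ["'self'"];
  const late = createRequest("https://cdn.example/logo.png", "img-src", documentPolicy, self);
  return [modelFetch(img).type, modelFetch(script).type, modelFetch(late).type];
}

console.log(demo());
```

The first request keeps the policy it was created with, so it still passes after the document's policy is tightened; the script request falls back to `default-src` and is turned into a network error.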