On Thu, Jan 30, 2014 at 7:18 AM, David Bruant <bruant.d@gmail.com> wrote:
> Le 30/01/2014 16:08, Mike West a écrit :
>
>> The note about conflicting policies remains important, however, for two
>> reasons(...)
>>
> I was speaking of the note currently at "3.2.5.13.1 Processing multiple
> referrer policies" (because it's uniquely dependent on the existence of
> <meta name="referrer"> I think). I agree with you that the other parts
> relating to conflicting policies are important.
Hrm. I think that's necessary to define what happens if two CSP headers
conflict (e.g. the first sets "referrer always" and the second sets
"referrer origin"). Would adding "or in multiple 'Content-Security-Policy'
headers" to the parenthetical in that section be helpful?
-mike