Re: [CSP] enforcement on non text-html resources

On Wed, Jun 4, 2014 at 6:29 PM, Neil Matatall <> wrote:
> I've already put up a patch to stop applying CSP to this resource. Was
> that the right thing to do?

Per the HTML Standard a document is to be created if such resources
are loaded in a browsing context. CSP should apply to that.


Received on Wednesday, 4 June 2014 16:37:53 UTC