That's more or less what I suggested on the bug. I'm now reconsidering. I don't particularly like the idea that authors could block direct navigation to an image by sending `img-src 'none'` along with all image resources. -mike -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Wed, Jun 4, 2014 at 6:37 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Wed, Jun 4, 2014 at 6:29 PM, Neil Matatall <neilm@twitter.com> wrote: > > I've already put up a patch to stop applying CSP to this resource. Was > > that the right thing to do? > > Per the HTML Standard a document is to be created if such resources > are loaded in a browsing context. CSP should apply to that. > > > -- > http://annevankesteren.nl/ > >
Received on Thursday, 5 June 2014 06:18:37 UTC