Re: Header Policy Vs. Meta tag policy

On 10/06/2014 23:44, Oda, Terri wrote:
> On Tue, Jun 10, 2014 at 12:25 PM, Tanvi Vyas <
> <>> wrote:
>     On 6/9/14 9:50 PM, Mike West wrote:
>         I'd prefer to maintain the ability to tighten a page's policy,
>         as I think there are totally valid use cases for such a thing,
>         but so far I've been the only one in favor of that, and the
>         spec reflects my understanding of the group's consensus.
>     I don't see any problem with using a meta policy to tighten (and
>     not loosen) a header policy.  Perhaps we can revisit this discussion.
> This also sounds reasonable to me, and seems like it would be pretty
> useful in the case of many types of setup where the host might want to
> provide a base policy but allow users to add additional user-defined
> security policies  (e.g. wordpress, github).  I'm actually surprised
> you were the only one in favour given that this seems particularly
> useful in a lot of the same situations where the meta tag would be
> useful in the first place.
>  Terri

Received on Tuesday, 10 June 2014 23:05:28 UTC