Re: CfC to publish a LCWD of CSP 1.1

On Wed, Jun 11, 2014 at 12:41 PM, Sigbjørn Vik <> wrote:

> Looks good, then I have no further objections. Thanks for the
>  constructive work, and putting up with my paranoia :)

Thanks for being constructively paranoid.

> Optionally, include the cross domain check.

I think the cross-domain check is already in: see "along with requests for
resources whose origin does not match the protected resource’s origin" in

Did I miss it somewhere else?

>  I think the following code has one too many nots in it:
> "source list <em>does not</em> contain the  <code>'unsafe-redirect'</code>"

Ah. Yes. I got a bit carried away there. :)

Mike West <>
Google+:, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Wednesday, 11 June 2014 10:49:49 UTC