
Re: CfC to publish a LCWD of CSP 1.1

From: Mike West <mkwst@google.com>
Date: Wed, 11 Jun 2014 12:48:55 +0200
Message-ID: <CAKXHy=c+zeuQTbGwbc_i+avU+RVcP+xXqcj=itJBvQRnfrBApQ@mail.gmail.com>
To: Sigbjørn Vik <sigbjorn@opera.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Adam Barth <w3c@adambarth.com>
On Wed, Jun 11, 2014 at 12:41 PM, Sigbjørn Vik <sigbjorn@opera.com> wrote:

> Looks good, then I have no further objections. Thanks for the
> constructive work, and putting up with my paranoia :)

Thanks for being constructively paranoid.

> Optionally, include the cross domain check.

I think the cross-domain check is already in: see "along with requests for
resources whose origin does not match the protected resource’s origin" in

Did I miss it somewhere else?

> I think the following code has one too many nots in it:
> "source list <em>does not</em> contain the  <code>'unsafe-redirect'</code>"

Ah. Yes. I got a bit carried away there. :)


Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Court of registration and number: Hamburg, HRB 86891
Registered office: Hamburg
Managing directors: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 11 June 2014 10:49:49 UTC
