On 6/16/2014 11:33 AM, Chris Palmer wrote: > Another solution floated was to have the security policy expressed as > the resource retrieved from a well-known URI, rather than mashing it > in headers. Then it could be cached and pre-fetched. A well-known location means an entire site has to have the same policy which leads to a weak policy, but early versions of the spec (and Mozilla's original implementation) did support a header-specified policy URL for that reason. If a large chunk of your site uses the same policy then it's cached and fast; if one page needed a unique policy you can do that, too. -Dan VeditzReceived on Wednesday, 18 June 2014 07:18:56 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:39 UTC