- From: Paul Frazee <pfrazee@gmail.com>
- Date: Mon, 24 Mar 2014 15:54:11 -0500
- To: public-webappsec@w3.org
Received on Tuesday, 25 March 2014 10:34:06 UTC
Hi folks, I wanted to get the ball rolling on the discussion for a JS API for CSP. I spent the morning putting together what I thought would be a basic, uncontroversial starting point: http://pfraze.github.io/2014/03/24/js-api-proposal-for-csp.html If some consensus can be made around a basic API, it'll be possible to delve into the particulars of each directive's policies. This design should also provide some flexibility for adding new kinds of directives and policies on a per-API basis, for instance: on Document, Worker, and perhaps more granular APIs such as XMLHttpRequest, if there's a need for it. This design also tries to maintain the existing CSP implementation. Feedback appreciated. Be well, Paul F
Received on Tuesday, 25 March 2014 10:34:06 UTC