W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Starter Javascript API proposal for CSP

From: Paul Frazee <pfrazee@gmail.com>
Date: Mon, 24 Mar 2014 15:54:11 -0500
Message-ID: <CAD4FMejowujARir+EMugLF1yE7yfL4FAc-VNg7t6hpd_PidWMA@mail.gmail.com>
To: public-webappsec@w3.org
Hi folks,

I wanted to get the ball rolling on the discussion for a JS API for CSP. I
spent the morning putting together what I thought would be a basic,
uncontroversial starting point:


If some consensus can be made around a basic API, it'll be possible to
delve into the particulars of each directive's policies. This design should
also provide some flexibility for adding new kinds of directives and
policies on a per-API basis, for instance: on Document, Worker, and perhaps
more granular APIs such as XMLHttpRequest, if there's a need for it. This
design also tries to maintain the existing CSP implementation.

Feedback appreciated.

Be well,
Paul F
Received on Tuesday, 25 March 2014 10:34:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC