W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: Starter Javascript API proposal for CSP

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Wed, 26 Mar 2014 16:38:34 +0530
Message-ID: <CAPfop_0nyOqpch1MBLiS2mihLTBXp9EyWJ+VBykbHAF-x+4t8Q@mail.gmail.com>
To: Paul Frazee <pfrazee@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
In a world with ServiceWorkers, do we really need another API to
control loads? Maybe the CSP JS API should focus on things SW can't
do?

On 25 March 2014 02:24, Paul Frazee <pfrazee@gmail.com> wrote:
> Hi folks,
>
> I wanted to get the ball rolling on the discussion for a JS API for CSP. I
> spent the morning putting together what I thought would be a basic,
> uncontroversial starting point:
>
> http://pfraze.github.io/2014/03/24/js-api-proposal-for-csp.html
>
> If some consensus can be made around a basic API, it'll be possible to delve
> into the particulars of each directive's policies. This design should also
> provide some flexibility for adding new kinds of directives and policies on
> a per-API basis, for instance: on Document, Worker, and perhaps more
> granular APIs such as XMLHttpRequest, if there's a need for it. This design
> also tries to maintain the existing CSP implementation.
>
> Feedback appreciated.
>
> Be well,
> Paul F
Received on Wednesday, 26 March 2014 11:09:21 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC