Re: Starter Javascript API proposal for CSP

In a world with ServiceWorkers, do we really need another API to
control loads? Maybe the CSP JS API should focus on things SW can't
do?

On 25 March 2014 02:24, Paul Frazee <pfrazee@gmail.com> wrote:
> Hi folks,
>
> I wanted to get the ball rolling on the discussion for a JS API for CSP. I
> spent the morning putting together what I thought would be a basic,
> uncontroversial starting point:
>
> http://pfraze.github.io/2014/03/24/js-api-proposal-for-csp.html
>
> If some consensus can be made around a basic API, it'll be possible to delve
> into the particulars of each directive's policies. This design should also
> provide some flexibility for adding new kinds of directives and policies on
> a per-API basis, for instance: on Document, Worker, and perhaps more
> granular APIs such as XMLHttpRequest, if there's a need for it. This design
> also tries to maintain the existing CSP implementation.
>
> Feedback appreciated.
>
> Be well,
> Paul F

Received on Wednesday, 26 March 2014 11:09:21 UTC