- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Wed, 26 Mar 2014 16:38:34 +0530
- To: Paul Frazee <pfrazee@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
In a world with ServiceWorkers, do we really need another API to control loads? Maybe the CSP JS API should focus on things SW can't do? On 25 March 2014 02:24, Paul Frazee <pfrazee@gmail.com> wrote: > Hi folks, > > I wanted to get the ball rolling on the discussion for a JS API for CSP. I > spent the morning putting together what I thought would be a basic, > uncontroversial starting point: > > http://pfraze.github.io/2014/03/24/js-api-proposal-for-csp.html > > If some consensus can be made around a basic API, it'll be possible to delve > into the particulars of each directive's policies. This design should also > provide some flexibility for adding new kinds of directives and policies on > a per-API basis, for instance: on Document, Worker, and perhaps more > granular APIs such as XMLHttpRequest, if there's a need for it. This design > also tries to maintain the existing CSP implementation. > > Feedback appreciated. > > Be well, > Paul F
Received on Wednesday, 26 March 2014 11:09:21 UTC