- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 27 Mar 2014 15:30:34 +0000
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: Mike West <mkwst@google.com>, Jake Archibald <jakearchibald@google.com>, WebAppSec WG <public-webappsec@w3.org>, Alec Flett <alecflett@google.com>
On Thu, Mar 27, 2014 at 3:55 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: > I was hoping for something stronger: the absence of child-src would > not allow a SW. Or heck, even require an explicit "sw-src" or > something. > > But, this would go against the grain of the remaining CSP directives > so your suggestion makes sense. Requiring CSP for a new orthogonal feature is too high a bar. I sympathize with the purported security benefits, but we also need people to be able to play with technology in a relatively straightforward manner. -- http://annevankesteren.nl/
Received on Thursday, 27 March 2014 15:31:04 UTC