W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Should CSP affect a Notification icon?

From: Daniel Veditz <dveditz@mozilla.com>
Date: Sun, 09 Nov 2014 14:37:24 -0800
Message-ID: <545FECA4.8010504@mozilla.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
The Web Notification feature (http://www.w3.org/TR/notifications/)
allows pages to specify a desktop notification, and an optional part of
that spec is an Icon URL. This image URL is specified in a page, but the
image load is not included in the page. Should CSP's image-src directive
affect the Notification icon?

Currently in Firefox it does not: the image load is not part of the
document (or ServiceWorker). We've received a complaint from someone who
thought it ought to. Thoughts?

-Dan Veditz
Received on Sunday, 9 November 2014 22:37:54 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC