Brian Smith <brian@briansmith.org> writes: > Devdatta brought up the point last week that the CSP drafts do not say > that the browser MUST NOT issue the HTTP (or whatever) request when > they block a fetch due to CSP violation. That is, it is perfectly > legal to make the HTTP request (optionally caching it) and then ignore > it, according to the current wording in the CSP drafts. However, I > think this is a bug that should be fixed. +1 I think this should be fixed as well.Received on Tuesday, 18 November 2014 02:53:19 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC