W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 20 Oct 2014 17:09:09 +0200
Message-ID: <CADnb78jnzx9dh0gLwN5-rWXVjDjg82gEtZMV7v4fzdDpRmidcw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brian Smith <brian@briansmith.org>
On Mon, Oct 20, 2014 at 5:02 PM, Mike West <mkwst@google.com> wrote:
> Point taken regarding hooks from Fetch. It's not clear to me what the best
> way to manage that sort of thing is; do you already have ideas about how
> you'd like such a hook to look?

Something similar to what we have now. I pass you some objects, you
return a boolean. (HSTS and REFERRER are harder of course. At least as
long as we attempt to keep the hook from having side effects, which
seems like a good thing.)

(If you like to write small documents with lots of boilerplate over a
single document with multiple chapters, up to you I guess. I'd rather
review a single document on security-related policies. The alternative
is finding the right links and hope I got them all and that they're
all the latest, and is annoying at times.)

Received on Monday, 20 October 2014 15:09:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:41 UTC