Re: [CSP] Compatibility with 1.1 or 1.0 from Mike West on 2014-09-01 (public-webappsec@w3.org from September 2014)

From: Mike West <mkwst@google.com>
Date: Mon, 1 Sep 2014 16:46:44 +0200
To: Frederik Braun <fbraun@mozilla.com>, Mark Nottingham <mnot@mnot.net>, Jim Manico <jim.manico@owasp.org>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKXHy=eYwGC-=wGTrGMbdOYnjnS7YLhfZDAX+4rq_NhecyNbnQ@mail.gmail.com>

I hope
https://w3c.github.io/webappsec/specs/content-security-policy/#changes
addresses this.

I'd appreciate feedback from the WG as to whether I've accurately summed up
the chances since 1.0. It's pretty high-level, but I hope it's useful,
complete, and accurate.

Thanks!

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Thu, Aug 28, 2014 at 9:17 AM, Frederik Braun <fbraun@mozilla.com> wrote:

> On 28.08.2014 05:06, Jim Manico wrote:
> > CSP Team,
> >
> > I noticed that http://www.w3.org/TR/CSP2/ did not contain any commentary
> > about backwards compatibility with earlier versions of CSP (which WAS
> > included in the 1.1 specification) or I missed it.
> >
> > Thanks folks,
> > Jim
> >
>
> This may be partially covered by
> <https://github.com/w3c/webappsec/issues/45>: "Add a "Changes since 1.0"
> section to CSP2.".
>
> I'have made a note there to include your suggestion.
>
>

Received on Monday, 1 September 2014 14:47:33 UTC