Re: [CSP2] Number of CSP Header Fields

From: Mike West <mkwst@google.com>
Date: Fri, 3 Apr 2015 15:47:46 +0200
Message-ID: <CAKXHy=eSdN98G=efo_q7WQb0AXBwrTPaB2DsY0iLy=t1t0xSTQ@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Stefan Ossendorf <stefan.ossendorf@outlook.de>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Fri, Apr 3, 2015 at 11:19 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Fri, Apr 3, 2015 at 11:09 AM, Mike West <mkwst@google.com> wrote:
> > 2. A single `Content-Security-Policy` header can contain multiple policies,
> > separated by commas.
>
> Hmm. Semantically
>
>   X: 1
>   X: 2
>
> is equivalent to
>
>   X: 1, 2
>
> if X's value is defined as
>
>   X = #DIGIT
>
> See final two paragraphs of
> https://tools.ietf.org/html/rfc7230#section-3.2.2


Right. This is what I meant. Multiple policies can be concatenated into a
single, comma-separated header.

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 3 April 2015 13:48:35 UTC
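
The equivalence discussed in this message, as an added example that is not part of the original email or of any browser's code: it combines repeated `Content-Security-Policy` fields the way RFC 7230 section 3.2.2 describes, then splits the combined value into separate policies. The function names and the sample header values are constructed for illustration.

```javascript
// Added example: helper names are hypothetical, not from a CSP library.
const CSP = "content-security-policy";

// RFC 7230 section 3.2.2: same-named fields combine, in order, into one
// comma-separated value.
function combineFieldValues(fields, name) {
  return fields
    .filter(([n]) => n.toLowerCase() === name)
    .map(([, v]) => v.trim())
    .join(", ");
}

// One policy: directives separated by ";". A repeated directive name is
// ignored after its first occurrence (CSP2 parsing rule).
function parsePolicy(text) {
  const directives = Object.create(null); // no inherited keys to collide with
  for (const token of text.split(";")) {
    const [name, ...values] = token.trim().split(/\s+/);
    if (!name) continue; // empty token, e.g. trailing ";"
    const key = name.toLowerCase();
    if (!(key in directives)) directives[key] = values;
  }
  return directives;
}

// The combined value is a list of policies; each stays a separate policy.
function policiesFromFields(fields) {
  return combineFieldValues(fields, CSP)
    .split(",")
    .map((p) => p.trim())
    .filter((p) => p !== "")
    .map(parsePolicy);
}

// Constructed sample responses: two header fields vs. one comma-joined field.
const twoFields = [
  ["Content-Security-Policy", "default-src 'self'; script-src https://cdn.example"],
  ["Content-Type", "text/html"],
  ["Content-Security-Policy", "script-src 'self'"],
];
const oneField = [
  ["Content-Security-Policy",
   "default-src 'self'; script-src https://cdn.example, script-src 'self'"],
];

console.log(JSON.stringify(policiesFromFields(twoFields), null, 2));
console.log(JSON.stringify(policiesFromFields(twoFields)) ===
            JSON.stringify(policiesFromFields(oneField)));
```

Both inputs yield the same two-entry policy list; the second policy's `script-src` does not replace the first policy's, because the policies are kept separate rather than merged.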