On Fri, Apr 3, 2015 at 11:19 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Fri, Apr 3, 2015 at 11:09 AM, Mike West <mkwst@google.com> wrote: > > 2. A single `Content-Security-Policy` header can contain multiple > policies, > > separated by commas. > > Hmm. Semantically > > X: 1 > X: 2 > > is equivalent to > > X: 1, 2 > > if X's value is defined as > > X = #DIGIT > > See final two paragraphs of > https://tools.ietf.org/html/rfc7230#section-3.2.2 Right. This is what I meant. Multiple policies can be concatenated into a single, comma-separated header. -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 3 April 2015 13:48:35 UTC