On Fri, Apr 3, 2015 at 11:19 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Fri, Apr 3, 2015 at 11:09 AM, Mike West <mkwst@google.com> wrote:
> > 2. A single `Content-Security-Policy` header can contain multiple
> policies,
> > separated by commas.
>
> Hmm. Semantically
>
> X: 1
> X: 2
>
> is equivalent to
>
> X: 1, 2
>
> if X's value is defined as
>
> X = #DIGIT
>
> See final two paragraphs of
> https://tools.ietf.org/html/rfc7230#section-3.2.2
Right. This is what I meant. Multiple policies can be concatenated into a
single, comma-separated header.
--
Mike West <mkwst@google.com>, @mikewest
Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)