Re: [CSP2] Number of CSP Header Fields

Martin Thomson <martin.thomson@gmail.com> wrote:
> On 3 April 2015 at 06:47, Mike West <mkwst@google.com> wrote:
>> Right. This is what I meant. Multiple policies can be concatenated into a
>> single, comma-separated header.
>
> Well, isn't that just a single policy then?

No. Every comma delimits a separate policy. There are specific rules
for combining multiple policies together. "script-src: x, script-src:
y" means something much different from "script-src: x; script-src y"
which means something much different from "script-src: x y".

Cheers,
Brian

Received on Saturday, 4 April 2015 04:24:54 UTC