- From: Brian Smith <brian@briansmith.org>
- Date: Fri, 3 Apr 2015 18:24:24 -1000
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Mike West <mkwst@google.com>, Anne van Kesteren <annevk@annevk.nl>, Stefan Ossendorf <stefan.ossendorf@outlook.de>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Martin Thomson <martin.thomson@gmail.com> wrote: > On 3 April 2015 at 06:47, Mike West <mkwst@google.com> wrote: >> Right. This is what I meant. Multiple policies can be concatenated into a >> single, comma-separated header. > > Well, isn't that just a single policy then? No. Every comma delimits a separate policy. There are specific rules for combining multiple policies together. "script-src: x, script-src: y" means something much different from "script-src: x; script-src y" which means something much different from "script-src: x y". Cheers, Brian
Received on Saturday, 4 April 2015 04:24:54 UTC