W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: [CSP2] Number of CSP Header Fields

From: Brian Smith <brian@briansmith.org>
Date: Fri, 3 Apr 2015 18:24:24 -1000
Message-ID: <CAFewVt7ur8k_-Ra1JpPaNxsqMePcK0gYO8VmgkisJ3Hwph7yag@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mike West <mkwst@google.com>, Anne van Kesteren <annevk@annevk.nl>, Stefan Ossendorf <stefan.ossendorf@outlook.de>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Martin Thomson <martin.thomson@gmail.com> wrote:
> On 3 April 2015 at 06:47, Mike West <mkwst@google.com> wrote:
>> Right. This is what I meant. Multiple policies can be concatenated into a
>> single, comma-separated header.
>
> Well, isn't that just a single policy then?

No. Every comma delimits a separate policy. There are specific rules
for combining multiple policies together. "script-src: x, script-src:
y" means something much different from "script-src: x; script-src y"
which means something much different from "script-src: x y".

Cheers,
Brian
Received on Saturday, 4 April 2015 04:24:54 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:11 UTC