
JSON representation of CSP policies

From: Jonathan Kingston <jonathan@jooped.com>
Date: Fri, 14 Aug 2015 22:20:24 +0000
Message-ID: <CAKrjaaUKEKCzLs+cMBxgKdwFwFGxOcgbv3zUDeWb8kNf0qcY2w@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

Hi WebAppSec,

I have been thinking recently about how a subresource/external library
could declare what their policy was.

My current thinking is that this would be best served by a JSON
representation of CSP policies which would aid the publisher in being able
to merge several policies together without having to do a full audit of
third-party code.

The developer could simply merge in the new policy whilst still remaining
with the most stringent policy possible. Currently this step is manual and
I hope that this would allow it to become much more automated.

Here is my super draft proposal:
https://gist.github.com/jonathanKingston/5699b440f608960dc089

Kind regards
Jonathan
Received on Friday, 14 August 2015 22:21:04 UTC
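
The merge step described in the message above, as an added example that is not part of the original post and is not taken from the linked gist. The JSON shape (directive name mapped to an array of source expressions), the reading of a library's policy as "the sources it needs", and the names `mergeLibraryPolicy` and `serialize` are assumptions. It handles the case a naive per-directive union gets wrong: adding `script-src` to a site that only set `default-src` would drop the site's own `'self'` scripts.

```javascript
// CSP Level 2 fetch directives; only their fallback to default-src is modeled here.
const FETCH_DIRECTIVES = new Set(["child-src", "connect-src", "font-src",
  "img-src", "media-src", "object-src", "script-src", "style-src"]);

// Sources the site policy currently enforces for a directive.
// undefined means the site does not restrict that directive at all.
function effectiveSources(policy, directive) {
  if (directive in policy) return policy[directive];
  if (FETCH_DIRECTIVES.has(directive) && "default-src" in policy) {
    return policy["default-src"];
  }
  return undefined;
}

// Union of two source lists; 'none' only survives if nothing else is listed.
function union(a, b) {
  const real = [...new Set([...a, ...b])].filter((s) => s !== "'none'");
  return real.length > 0 ? real : ["'none'"];
}

// Widen the site policy by exactly what the library declares it needs.
function mergeLibraryPolicy(site, library) {
  const merged = {};
  for (const [name, sources] of Object.entries(site)) merged[name] = [...sources];
  for (const [name, needed] of Object.entries(library)) {
    const current = effectiveSources(site, name);
    if (current === undefined) continue; // unrestricted already, nothing to widen
    merged[name] = union(current, needed);
  }
  return merged;
}

// Render the JSON form back into a Content-Security-Policy header value.
function serialize(policy) {
  return Object.entries(policy)
    .map(([name, sources]) => `${name} ${sources.join(" ")}`)
    .join("; ");
}

// Constructed sample policies (hypothetical hosts).
const sitePolicy = { "default-src": ["'self'"], "object-src": ["'none'"] };
const libraryPolicy = {
  "script-src": ["https://cdn.example"],
  "object-src": ["'none'"],
  "img-src": ["https://img.example"],
};
console.log(serialize(mergeLibraryPolicy(sitePolicy, libraryPolicy)));
```
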
