JSON representation of CSP policies

Hi WebAppSec,

I have been thinking recently about how a subresource/external library
could declare what their policy was.

My current thinking is that this would be best served by a JSON
representation of CSP policies which would aid the publisher in being able
to merge several policies together without having to do a full audit of a
third party code.

The developer could simply merge in the new policy whilst still remaining
with the most stringent policy possible. Currently this step is manual and
I hope that this would allow it to become much more automated.

Here is my super draft proposal:

Kind regards

Received on Friday, 14 August 2015 22:21:04 UTC