JSON representation of CSP policies

From: Jonathan Kingston <jonathan@jooped.com>
Date: Fri, 14 Aug 2015 22:20:24 +0000
Message-ID: <CAKrjaaUKEKCzLs+cMBxgKdwFwFGxOcgbv3zUDeWb8kNf0qcY2w@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

Hi WebAppSec,

I have been thinking recently about how a subresource/external library
could declare what their policy was.

My current thinking is that this would be best served by a JSON
representation of CSP policies which would aid the publisher in being able
to merge several policies together without having to do a full audit of
third-party code.

The developer could simply merge in the new policy whilst still remaining
with the most stringent policy possible. Currently this step is manual and
I hope that this would allow it to become much more automated.

Here is my super draft proposal:

Kind regards
Received on Friday, 14 August 2015 22:21:04 UTC
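
The merge step described in the message above, as an added example that is not part of the original post and does not reproduce the proposal's format. The JSON shape (directive name mapped to an array of source expressions), the function names `parseCsp`, `mergeCsp` and `serializeCsp`, and the hosts are assumptions made for illustration.

```javascript
// Added example; the JSON shape (directive -> array of sources) is an assumption.
// CSP Level 2 directives that fall back to default-src when absent.
const FETCH = new Set(['child-src', 'connect-src', 'font-src', 'img-src',
  'media-src', 'object-src', 'script-src', 'style-src']);

// Parse a serialized policy into { directive: [source expressions] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    const key = name && name.toLowerCase();
    // A repeated directive is ignored by user agents: the first one wins.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Merge what a library declares it needs into the site's policy, adding only
// the missing sources so the result stays as strict as it can be.
function mergeCsp(site, needs) {
  const out = {};
  for (const [d, s] of Object.entries(site)) out[d] = [...s];
  for (const [d, wanted] of Object.entries(needs)) {
    const add = wanted.filter((s) => s !== "'none'");
    if (add.length === 0) continue; // the library needs nothing here
    if (!(d in out)) {
      // Seed from default-src: a new directive replaces the fallback,
      // so starting empty would drop sources the site relies on.
      const fallback = FETCH.has(d) ? site['default-src'] : undefined;
      if (!fallback) continue; // directive is unrestricted on the site already
      out[d] = [...fallback];
    }
    // 'none' is only meaningful alone, so drop it once real sources are added.
    out[d] = [...new Set(out[d].filter((s) => s !== "'none'").concat(add))];
  }
  return out;
}

function serializeCsp(policy) {
  return Object.entries(policy).map(([d, s]) => [d, ...s].join(' ')).join('; ');
}

// Constructed sample input: a site policy and one library's declared needs.
const SITE_HEADER = "default-src 'self'; object-src 'none'";
const LIBRARY_NEEDS = { 'script-src': ['https://cdn.example'],
  'img-src': ['https://img.example'], 'object-src': ["'none'"] };
console.log(serializeCsp(mergeCsp(parseCsp(SITE_HEADER), LIBRARY_NEEDS)));
```

A union like this only ever widens the site policy, so a declared need for a keyword such as `'unsafe-inline'` still deserves a manual look before it is merged.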