Re: JSON representation of CSP policies

I like this idea a lot.

On Fri, Aug 14, 2015 at 3:22 PM Jonathan Kingston <jonathan@jooped.com>
wrote:

> Hi WebAppSec,
>
> I have been thinking recently about how a subresource/external library
> could declare what their policy was.
>
> My current thinking is that this would be best served by a JSON
> representation of CSP policies which would aid the publisher in being able
> to merge several policies together without having to do a full audit of
> third-party code.
>
> The developer could simply merge in the new policy whilst still remaining
> with the most stringent policy possible. Currently this step is manual and
> I hope that this would allow it to become much more automated.
>
> Here is my super draft proposal:
> https://gist.github.com/jonathanKingston/5699b440f608960dc089
>
> Kind regards
> Jonathan
>

Received on Friday, 14 August 2015 23:26:36 UTC
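
The merge step described in the quoted message, sketched as an added example that is not part of either message or of the linked gist. The JSON shape (directive name mapped to an array of source expressions), the function names and the sample policies are assumptions made for illustration. It covers the case that makes manual merging error-prone: a new `script-src` stops `default-src` from applying to scripts, so the merged list has to be seeded from the site's `default-src`.

```javascript
// Assumed JSON shape (not the gist's format): { "<directive>": ["<source>", ...] }
// Fetch directives that fall back to default-src when absent.
const FETCH_FALLBACK = new Set(["script-src", "style-src", "img-src",
  "connect-src", "font-src", "media-src", "object-src", "child-src"]);

// Union of two source lists; 'none' survives only if nothing else is allowed.
function union(a, b) {
  const real = [...new Set([...a, ...b])].filter((s) => s !== "'none'");
  return real.length ? real : ["'none'"];
}

// Widen the site's policy only as far as the library's declared policy needs.
function mergePolicies(site, library) {
  const merged = Object.fromEntries(
    Object.entries(site).map(([d, s]) => [d, [...s]]));
  for (const [directive, needed] of Object.entries(library)) {
    // A library default-src also covers each fetch directive the site sets
    // explicitly, unless the library declares that directive itself.
    const targets = directive === "default-src"
      ? ["default-src", ...Object.keys(site).filter(
          (d) => FETCH_FALLBACK.has(d) && !(d in library))]
      : [directive];
    for (const target of targets) {
      const base = merged[target] ??
        (FETCH_FALLBACK.has(target) ? site["default-src"] : undefined);
      // No directive and no fallback means the site does not restrict this
      // resource type; adding the library's list would only tighten the site.
      if (base === undefined) continue;
      merged[target] = union(base, needed);
    }
  }
  return merged;
}

// Serialise the JSON form back into a Content-Security-Policy header value.
function toHeader(policy) {
  return Object.entries(policy)
    .map(([d, s]) => `${d} ${s.join(" ")}`).join("; ");
}

// Constructed sample policies.
const site = { "default-src": ["'self'"], "object-src": ["'none'"] };
const library = { "script-src": ["https://cdn.example"],
  "object-src": ["'none'"], "frame-ancestors": ["'self'"] };
console.log(toHeader(mergePolicies(site, library)));
```

The library's `frame-ancestors` is dropped here because the sample site sets no such restriction; a publisher who wants to adopt a library's tighter directives as well would handle that as a separate, deliberate step.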