
Re: JSON representation of CSP policies

From: Brad Hill <hillbrad@gmail.com>
Date: Fri, 14 Aug 2015 23:25:59 +0000
Message-ID: <CAEeYn8iv+=bXKoBmNQMOG=BFyJ6Hw8H6CYWrtPSOGHOePuuwrQ@mail.gmail.com>
To: Jonathan Kingston <jonathan@jooped.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

I like this idea a lot.

On Fri, Aug 14, 2015 at 3:22 PM Jonathan Kingston <jonathan@jooped.com>
wrote:

> Hi WebAppSec,
>
> I have been thinking recently about how a subresource/external library
> could declare what their policy was.
>
> My current thinking is that this would be best served by a JSON
> representation of CSP policies which would aid the publisher in being able
> to merge several policies together without having to do a full audit of
> third-party code.
>
> The developer could simply merge in the new policy whilst still remaining
> with the most stringent policy possible. Currently this step is manual and
> I hope that this would allow it to become much more automated.
>
> Here is my super draft proposal:
> https://gist.github.com/jonathanKingston/5699b440f608960dc089
>
> Kind regards
> Jonathan
>
Received on Friday, 14 August 2015 23:26:36 UTC
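
The merge step discussed in this thread, as an added example that is not part of either message and not taken from the linked gist. It shows why a per-directive merge has to account for the `default-src` fallback: a library that declares only `script-src` must not cause the site's own script sources to be dropped. Assumptions: a JSON shape of directive name to array of source expressions, the function names `effective`, `union`, `mergePolicies` and `toHeader`, and the constructed placeholder hosts.

```javascript
// Added example. Assumed JSON shape: { "<directive>": ["<source>", ...] }.
// Fetch directives that fall back to default-src when absent (CSP Level 2).
const FETCH = new Set(['child-src', 'connect-src', 'font-src', 'img-src',
  'media-src', 'object-src', 'script-src', 'style-src']);

// Source list a policy enforces for a directive; undefined means unrestricted.
function effective(policy, dir) {
  if (policy[dir]) return policy[dir];
  return FETCH.has(dir) ? policy['default-src'] : undefined;
}

// Union of two source lists. 'none' only has meaning on its own, so it is
// dropped as soon as any other source is allowed.
function union(a, b) {
  const rest = [...new Set([...a, ...b])].filter((s) => s !== "'none'");
  return rest.length ? rest : ["'none'"];
}

// Widen the site's policy by exactly what the library declares it needs.
function mergePolicies(site, lib) {
  const out = {};
  for (const dir of new Set([...Object.keys(site), ...Object.keys(lib)])) {
    const base = effective(site, dir);
    // Site does not restrict this directive at all: emitting it would
    // restrict the site's own loads, so leave it out.
    if (base === undefined) continue;
    out[dir] = union(base, effective(lib, dir) || []);
  }
  return out;
}

// Serialize the JSON form back into a Content-Security-Policy header value.
function toHeader(policy) {
  return Object.entries(policy)
    .map(([dir, sources]) => `${dir} ${sources.join(' ')}`)
    .join('; ');
}

// Constructed sample policies (hosts are placeholders).
const site = { 'default-src': ["'self'"], 'object-src': ["'none'"] };
const lib = { 'script-src': ['https://cdn.lib.example'], 'object-src': ["'none'"] };
console.log(toHeader(mergePolicies(site, lib)));
```

Copying the library's `script-src` in as-is would yield `script-src https://cdn.lib.example`, which overrides the `default-src` fallback and blocks the site's own same-origin scripts.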
