W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2015

Re: CfC: CSP Cookie Controls to FPWD; deadline Dec. 7th.

From: Deian Stefan <deian@cs.stanford.edu>
Date: Tue, 01 Dec 2015 14:12:29 -0800
To: Mike West <mkwst@google.com>, "public-webappsec\@w3.org" <public-webappsec@w3.org>
Cc: Mark Nottingham <mnot@mnot.net>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>
Message-ID: <87d1upstrm.fsf@stmarks.home>
Mike West <mkwst@google.com> writes:
> I think this draft is a reasonable stab at a FPWD, and though it will
> certainly require some iteration, it's something that I think should be
> pretty straightforward to implement. This CfC will end in a week, on
> December 7th. Feedback, positive and otherwise, would be exceptionally
> well-received at public-webappsec@w3.org.

+1

Minor bikeshedding: I'm not a huge fan of using 'http' as a
directive. Maybe 'http-header' or 'header-only'.

The path directive seems useful as well, but I suspect that the
processing model may get a bit complicated. I think we can have a more
general scoping mechanism that can subsume this and also make it useful
for Suborigins and COWL.

Deian
Received on Tuesday, 1 December 2015 22:13:13 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:16 UTC