Catching up with this thread; I might have missed something, but how will this interact with the page-wide policy set by CSP or meta directive? The GitHub PR only creates a new TODO to talk about the intersection algorithm.

There is a huge advantage to the page-wide policy since it makes reasoning about the security of a web application a lot more tractable. I would be worried about letting a local element override the page-wide policy (see Brad's note why this is imp https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0268.html)

(Other than this, I don't have any concerns with the proposal)

~Dev

On 12 February 2015 at 00:06, Mike West <mkwst@google.com> wrote:
> On Thu, Feb 12, 2015 at 8:59 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> On Thu, Feb 12, 2015 at 8:43 AM, Mike West <mkwst@google.com> wrote:
>>> [...]
>>
>> By the way, before we add more attributes, there is this proposal outstanding:
>>
>> https://www.w3.org/Bugs/Public/show_bug.cgi?id=26533
>>
>> With that proposal whenever we figure out something new to add to
>> Request objects, it would get automatically exposed to all request
>> contexts as a feature. That is probably a better idea long term.
>>
>> (It still doesn't help with the navigational bits we discussed, but
>> neither does this.)
>
> That looks reasonable to me, and would address this use case.
> Francois, would you be willing to hop onto that bug and describe this
> proposal to see how it might fit in with a more generic way of setting
> Fetch attributes? That might substantially simplify the wiring-up I
> noted earlier in the thread.
>
> -mike
>
> --
> Mike West <mkwst@google.com>, @mikewest
>
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany,
> Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
> Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine
> Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Friday, 13 February 2015 06:09:09 UTC