[CSP] Accepting base64-url

In CSP Source List Syntax
<https://w3c.github.io/webappsec/specs/content-security-policy/#base64_value>
definition,
base64-value is listed as purely a base64 value. This is inconsistent with
the Subresource Integrity draft, which proposes to use base64url
<http://www.w3.org/TR/SRI/#integrity-metadata-1>. Furthermore, in practice,
Chrome accepts both base64 and base64url for Subresource Integrity *and* CSP.
I propose that we standardize this and accept either base64 *or* base64url
in CSP. I've opened issue 147 <https://github.com/w3c/webappsec/issues/147>
on GitHub to propose this.
--Joel

Received on Friday, 16 January 2015 23:07:15 UTC