W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

[CSP] Accepting base64-url

From: Joel Weinberger <jww@chromium.org>
Date: Fri, 16 Jan 2015 23:06:47 +0000
Message-ID: <CAHQV2KmE0_BPfrueotp-QooYCtR8D3=x7KMC6q1zZTkmScM3OA@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
In CSP Source List Syntax
base64-value is listed as purely a base64 value. This is inconsistent with
the Subresource Integrity draft, which proposes to use base64url
<http://www.w3.org/TR/SRI/#integrity-metadata-1>. Furthermore, in practice,
Chrome accepts both base64 and base64url for Subresource Integrity *and* CSP.
I propose that we standardize this and accept either base64 *or* base64url
in CSP. I've opened issue 147 <https://github.com/w3c/webappsec/issues/147>
on GitHub to propose this.
Received on Friday, 16 January 2015 23:07:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:44 UTC