- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Sun, 18 Jan 2015 23:47:59 -0800
- To: Boris Chen <boris@tcell.io>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hey Boris Can you tell more on how version info would help make synthesizing reports on violations more accurate? Also, why can't you achieve this based on the violated directive in the report? For example, if UA supports a new foo-bar directive, you will have violation reports with foo-bar in the violated directive; otherwise you wont. cheers Dev On 18 January 2015 at 21:44, Boris Chen <boris@tcell.io> wrote: > Hello, > > I've been playing around with CSP reporting, and I was wondering if there > has been any discussion of including CSP version in the reports. > > User-agents will obviously be supporting different versions of CSP for a > given web application, and therefore, the reports will vary depending on the > user-agents. The version info would help reporting on the violation reports > more accurate. This won't help for current versions supported, but would be > helpful for the future.. > > Any thoughts? > > Regards, > Boris Chen >
Received on Monday, 19 January 2015 07:48:47 UTC