Re: [Integrity] typos with ni URIs

Martin Thomson <martin.thomson@gmail.com> wrote:
> On 19 January 2015 at 13:40, Brian Smith <brian@briansmith.org> wrote:
>> Note that this is a valid URL, where the scheme is the digest name and
>> the path is the digest-value.
>
> Why go to the trouble of making it look like a URI?  A space separated
> list of hash-colon-base64urlDigest tuples should suffice.  Give
> content type its own attribute and avoid the bizarre delimiter.

I had thought that making it conform to the URI syntax was needed in
order for them to be usable in CSP source expressions. But, now I see
that it seems like CSP's source list ABNF would not match any such URI
without "://" in it, and the normative parsing/matching rules do not
seem to actually require it to be a URI at all.

Cheers,
Brian

Received on Tuesday, 20 January 2015 17:37:46 UTC