W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: CfC: Transition CSP2 to CR.

From: Francois Marier <francois@mozilla.com>
Date: Wed, 28 Jan 2015 22:00:56 +1300
Message-ID: <54C8A548.1030506@mozilla.com>
To: Mike West <mkwst@google.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 28/01/15 21:50, Mike West wrote:
> Well, we did make a decision[1]. Then Dan questioned the decision[2], I
> said "I don't care"[3], and we left it there.
> 
> I just checked Gecko, which looks like it doesn't map <a ping> to any
> particular directive, but blocks on default-src[4]. I don't think Blink
> does any check at all, which is sad[5].

Gecko doesn't map anything to <a ping> yet but I've got a patch ready to
go as soon as this "uncertainty" is resolved :)

  https://bugzilla.mozilla.org/show_bug.cgi?id=1100181

Francois
Received on Wednesday, 28 January 2015 09:01:34 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC