W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: CfC: Transition CSP2 to CR.

From: Francois Marier <francois@mozilla.com>
Date: Wed, 28 Jan 2015 22:00:56 +1300
Message-ID: <54C8A548.1030506@mozilla.com>
To: Mike West <mkwst@google.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 28/01/15 21:50, Mike West wrote:
> Well, we did make a decision[1]. Then Dan questioned the decision[2], I
> said "I don't care"[3], and we left it there.
> I just checked Gecko, which looks like it doesn't map <a ping> to any
> particular directive, but blocks on default-src[4]. I don't think Blink
> does any check at all, which is sad[5].

Gecko doesn't map anything to <a ping> yet but I've got a patch ready to
go as soon as this "uncertainty" is resolved :)


Received on Wednesday, 28 January 2015 09:01:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:45 UTC