On Thu, Jan 29, 2015 at 11:23 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Thu, Jan 29, 2015 at 11:18 AM, Mike West <mkwst@google.com> wrote: > > The only piece that isn't defined is IPv6 matching. We define IP address > > matching, it just doesn't make sense when wildcards come in. :) > > Do > > http://2/ > > and > > http://0.0.0.2/ > > match? > > Do > > http://0.00.0.2/ > > and > > http://00.0.0.2/ > > match? > > From my reading of the text neither worked. You're right. These don't work. We have a few options: 1. We can ignore the problem, and let `http://2/` fail to match `img-src 0.0.0.2` and match `img-src 2`. 2. We can normalize the URL, but not the source expression, and let ` http://2/` match `img-src 0.0.0.2', but fail to match `img-src 2`. 3. We can normalize both, and let `http://2/` match both `img-src 0.0.0.2` and `img-src 2`. 4. We can throw away IP addresses entirely. I prefer either #4 or #1. :) -mike -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Thursday, 29 January 2015 11:10:57 UTC