W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2015

Re: CSP2: Drop 'unsafe-redirect'.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 1 Jul 2015 16:25:22 +0200
Message-ID: <CADnb78j60-43U3873e7wYOWkgG-etaj3+rD56TdTgmMYYrsC6A@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>
On Wed, Jul 1, 2015 at 4:12 PM, Mike West <mkwst@google.com> wrote:
> Experimentation locally on internal sites leads me to believe that it's not
> going to be web compatible: I didn't find any Google property that used CSP
> which the new behavior wouldn't break in some way.

How are we going to protect the scenario instead?


-- 
https://annevankesteren.nl/
Received on Wednesday, 1 July 2015 14:25:46 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC