Re: CSP2: Drop 'unsafe-redirect'.

• From: Anne van Kesteren <annevk@annevk.nl>
• Date: Wed, 1 Jul 2015 16:25:22 +0200
• To: Mike West <mkwst@google.com>
• Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>
• Message-ID: <CADnb78j60-43U3873e7wYOWkgG-etaj3+rD56TdTgmMYYrsC6A@mail.gmail.com>

On Wed, Jul 1, 2015 at 4:12 PM, Mike West <mkwst@google.com> wrote:
> Experimentation locally on internal sites leads me to believe that it's not
> going to be web compatible: I didn't find any Google property that used CSP
> which the new behavior wouldn't break in some way.

How are we going to protect the scenario instead?


-- 
https://annevankesteren.nl/

Received on Wednesday, 1 July 2015 14:25:46 UTC