On Wed, Apr 6, 2016 at 5:43 AM, Emily Stark (Dunn) <estark@google.com> wrote: > Adding these new policy states sounds reasonable to me. However, I want to > note that there's been discussion about expanding the spec to a JSON-based > syntax that allows much more flexibility. For example, we might want to > express the policy "'unsafe-url' for navigations to and subresources from > myadnetwork.com, and 'none' for all other origins" -- maybe using some > syntax like { "unsafe-url": ["myadnetwork.com", "'self'"], "none": "*"}. > (I'm not suggesting that as an actual proposal for the syntax, just an idea > of the kind of thing we were thinking about.) In that world, the policy > states would just be shorthand for the most commonly used policies. How would you transition the Fetch API and HTML referrerpolicy attribute? -- https://annevankesteren.nl/Received on Wednesday, 6 April 2016 06:51:30 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:19 UTC