- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Thu, 8 Sep 2016 08:37:00 -0700
- To: Artur Janc <aaj@google.com>, "Hodges, Jeff" <jeff.hodges@paypal.com>
- Cc: W3C Web App Security WG <public-webappsec@w3.org>
On 9/7/16 1:14 PM, Artur Janc wrote: > For example, there's almost never a security benefit of setting > img-src, and it adds maintenance overhead and risks breakage when > URLs change, About the only time img-src is useful is to undo a restrictive default-src. For example "default-src 'self'; img-src *;" -Dan Veditz
Received on Thursday, 8 September 2016 15:37:28 UTC