Vendor specification of their product's recommended Content-Security-Policy from Jean-Baptiste Aviat on 2017-11-24 (public-webappsec@w3.org from November 2017)

From: Jean-Baptiste Aviat <jb@sqreen.io>
Date: Fri, 24 Nov 2017 12:25:33 +0100
To: public-webappsec@w3.org
Message-Id: <D4F7C9A9-3B89-42C8-8D7E-2D6B4B5F1986@sqreen.io>

Hi WebappSec,

One of the pain points of building a Content Security Policy is that most SaaS tools (Segment, Sentry…) do not even document how to use a Content Security Policy. Hence, users of such SaaS tools need to reverse engineer how they are working, and to build their own policy accordingly.

It would be nice if vendors could specify this up front!

Would you be aware of any specification / discussion about this?

Thanks,
--
Jean-Baptiste Aviat
Co-founder & CTO | Sqreen <https://www.sqreen.io/>
Mobile: +33 6 749 749 77

Received on Friday, 24 November 2017 12:49:42 UTC