Re: [CSP2] Large CSP headers from Daniel Veditz on 2019-12-30 (public-webappsec@w3.org from December 2019)

From: Daniel Veditz <dveditz@mozilla.com>
Date: Mon, 30 Dec 2019 11:04:29 -0800
To: Aaron Goldman <goldmanaaron@gmail.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CADYDTCB2Lcdc_ZsdyUfskDZn5TkagT=_T02=SsuX8PeAMxGg8w@mail.gmail.com>

On Mon, Dec 30, 2019 at 7:53 AM Aaron Goldman <goldmanaaron@gmail.com>
wrote:

> Is it time to seriously consider adding includes to the csp spec
> Large headers that could be chached if they where included from a URL are
> becoming a common problem
>

re-adding it, you mean?
https://www.w3.org/TR/2011/WD-CSP-20111129/#policy-uri  (Firefox even had
an implementation but we didn't see much interest in using it at the time.)

The Origin Policy proposal has always had CSP redundancy as one of the
problems that could be solved. Early days for that spec, though.
https://github.com/WICG/origin-policy

-Dan Veditz

Received on Monday, 30 December 2019 19:04:46 UTC