- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 9 Jan 2020 11:51:55 +0100
- To: Daniel Veditz <dveditz@mozilla.com>
- Cc: Mike West <mkwst@google.com>, Web Application Security Working Group <public-webappsec@w3.org>, Jeffrey Yasskin <jyasskin@google.com>, Artur Janc <aaj@google.com>, Francois Marier <francois@brave.com>
On Wed, Jan 8, 2020 at 7:48 PM Daniel Veditz <dveditz@mozilla.com> wrote: > There was overwhelming support for us to publish something so it's described (at least as a concept) in one place. I couldn't tell how strongly people felt about whether it needed to be normative or whether a non-normative NOTE would be OK. (Personally I'd be happy either way.) I'm okay with Fetch calling "set the Fetch metadata headers for a request" and adding the new request boolean. (A concern I have with the growing number of WebAppSec specifications is maintenance. Keeping things external is nice as it simplifies maintenance of the main module, but some upkeep has to be done. And currently even "internal" dependencies such as SRI depending on CSP bits get out of sync. In part this can be helped by better tooling, but periodic review and editing would also help.)
Received on Thursday, 9 January 2020 10:52:17 UTC