- From: Harald Alvestrand via GitHub <sysbot+gh@w3.org>
- Date: Thu, 25 Nov 2021 14:15:57 +0000
- To: public-webrtc-logs@w3.org

Pardon my ignorance about CSP mechanics... my impression was that CSP policies were conveyed in HTTP headers, and that HTTP headers are as a general rule visible to the page that is created from the HTML that is carried under those HTTP headers. Is there a rule that CSP headers are rendered invisible to the page by the browser? If not, we can just assume that the CSP policy is visible to the page, and making its effects easily visible to the user is not revealing additional information to a competent attacker. If yes, we need to take care not to reveal the restrictions.

--
GitHub Notification of comment by alvestrand
Please view or discuss this issue at https://github.com/w3c/webrtc-extensions/pull/81#issuecomment-979250153 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 25 November 2021 14:15:59 UTC