- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Wed, 17 Jan 2018 14:20:59 +0100
- To: public-webrtc@w3.org
On 01/17/2018 09:57 AM, Sergio Garcia Murillo wrote: > On 17/01/2018 1:14, Stephen Farrell wrote: >> Maybe I'm overly concerned, but there could be significant >> problems with whitelists in this space acting to further >> entrench the biggest players generally getting to see or >> control JS or traffic, even if the web sites didn't really >> want to have that happen. > > While I could agree with this concern, that is a concern for CSP in > general, not for our switch. I would be more worried if a hosting > service doesn't allow xmlhttprequest outside their service to enforce > vendor lock in, but this would be an issue to discuss in CSP list, not > here. > > Best regards > > Sergio > > One specific proposal is being discussed here: https://github.com/w3c/webappsec-csp/pull/287 Somehow this seems both simpler and less useful than I thought it would be likely to be. -- Surveillance is pervasive. Go Dark.
Received on Wednesday, 17 January 2018 13:21:46 UTC