Re: Trimming the SecurityPolicy DOM interface

Apologies for not replying more fully before.

I've spent some time putting my thinking on this in blog-post form:

http://infrequently.org/2013/05/use-case-zero/

On Saturday, April 27, 2013, Adam Barth wrote:

> Alex, would you be willing to share the specific use cases you have in
> mind?  We just want to make sure there are solid use cases for the
> features in the spec.
>
> Adam
>
>
> On Sat, Apr 27, 2013 at 11:31 AM, Alex Russell <slightlyoff@google.com>
> wrote:
> > I object to these changes in the strongest possible terms. If it is not
> > possible to implement CSP policy enforcement on top of your API, it is
> not
> > sufficient.
> >
> > On Apr 27, 2013 5:46 PM, "Adam Barth" <w3c@adambarth.com> wrote:
> >>
> >> As discussed at the face-to-face meeting, I've trimmed the
> >> SecurityPolicy DOM interface to just the first four attributes:
> >>
> >> https://dvcs.w3.org/hg/content-security-policy/rev/f338192860c5
> >>
> >> At the meeting, we discussed that these attribute have strong use
> >> cases, but we couldn't think of any strong use cases for the remaining
> >> DOM interfaces.
> >>
> >> If folks come up with strong use cases, we should consider adding back
> >> the removed interfaces (or adding new interfaces that better address
> >> those use cases).
> >>
> >> Note: At the face-to-face, we discussed making some of these attribute
> >> writable in some circumstances, but I haven't made that change yet
> >> because it probably deserves more discussion.
> >>
> >> Adam
> >>
> >
>

Received on Friday, 24 May 2013 17:03:16 UTC