The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 |
Newsgroups: mozilla.dev.security
From: Gervase Markham <g...@mozilla.org>
Date: Thu, 09 Jul 2009 12:01:05 +0100
Local: Thurs, Jul 9 2009 7:01 am
Subject: Re: Content Security Policy Spec questions and feedback
On 08/07/09 18:22, Bil Corry wrote:
> If the hosting company is providing an interface to add one or more The scenario here is that they have a set policy, which an individual > additional CSP headers, then wouldn't it be just as easy for them to > provide an interface that constructs a single header? site owner is permitted to tighten but not loosen. To do that by editing one header would mean that either they'd need to post-check the header to make sure it was no looser than the original, or they'd need to implement the header-merging logic which would otherwise be in the client. Which means N implementations of header merging, some buggy, rather than one. Header-merging logic in the client should just be a case of setting bits Gerv You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||