The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 |
Newsgroups: mozilla.dev.security
From: EricLaw <bay...@gmail.com>
Date: Thu, 9 Jul 2009 15:05:24 -0700 (PDT)
Local: Thurs, Jul 9 2009 6:05 pm
Subject: Re: Content Security Policy Spec questions and feedback
Lots of great thoughts in this thread!
I wanted to elaborate a bit here: > > It seems natural that a subdownload should be able to say e.g. Content- Some might, but that basically requires the server to send Vary: > > Security-Policy: callers <originlist> > That's not too far off from what frame-ancestors does (which was also a > scope-creep). Could they be combined in some way? > I'd like something like that, but won't concerned sites want to enforce Origin or Vary: Sec-From for all resources returned. This seems like it could potentially impair performance for otherwise cacheable resources. You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||