The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 |
Newsgroups: mozilla.dev.security
From: Bil Corry <b...@corry.biz>
Date: Tue, 07 Apr 2009 11:42:57 -0500
Local: Tues, Apr 7 2009 12:42 pm
Subject: Re: Content Security Policy - final call for comments
Gervase Markham wrote on 4/7/2009 6:07 AM:
> On 07/04/09 07:36, Daniel Veditz wrote: It has to work both ways; old CSP clients need to be able to parse new CSP rules that are unknown to them and new CSP clients need to be able to parse old CSP rules. Where it will become a challenge is anytime something implicit has its meaning changed (e.g. the default is "x" in CSPv1 and "y" in CSPv2). >> Maybe this does point out the need for some kind of version number in >> the header, so future browsers can take appropriate action when >> encountering an old header. For example, assuming "none" for any newly >> added types. > I much prefer forwardly-compatible designs to version numbers. - Bil You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||