The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 |
Newsgroups: mozilla.dev.security
From: Johnathan Nightingale <john...@mozilla.com>
Date: Mon, 6 Apr 2009 12:17:07 -0400
Local: Mon, Apr 6 2009 12:17 pm
Subject: Re: Content Security Policy - final call for comments
On 6-Apr-09, at 6:56 AM, Gervase Markham wrote: > - "When both a X-Content-Security-Policy HTTP header and meta tag I think "relaxed" is the intent here, within the context of "the most > are present, the intersection of the two policies is enforced; > essentially, the browser enforces the most *relaxed* policy > satisfying both the policies specified in the meta tag and header." > Surely you mean "strict", not "relaxed"? The example seems to show relaxed policy *satisfying both* ... the meta tag and header." So the intersection is more strict than either on its own, but no more strict than that intersection. I agree that the wording is a bit confusing. Cheers, J --- You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||