The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 |
Newsgroups: mozilla.dev.security
From: Sid Stamm <s...@mozilla.com>
Date: Mon, 06 Jul 2009 13:36:22 -0700
Local: Mon, Jul 6 2009 4:36 pm
Subject: Re: Content Security Policy Spec questions and feedback
On 7/6/09 10:14 AM, Sid Stamm wrote:
>>>> Are relative URIs valid for the report-URI/policy-URI? (Seems like Actually, I got a little ahead of myself about the BASE tag. If the CSP >>>> this would be a good thing to support). However, if so, is there any >>>> interaction/relationship with the BASE tag, which is supposed to also >>>> appear early in the head? >>> Very good question. > Whether or not a BASE tag is present, the UA > has to figure out what host to request the content from and over what > scheme and port to request it; at this level, relative and absolute URIs > should appear the same. I'll try to make this more obvious in the Spec. is specified in an HTTP header, then I don't think the BASE HTML tag should have any effect on the resolution of a relative URI. It is defined in a different layer, and should really only affect the HTML content and anything it does (not the protocol-level stuff). So in brief, I think the BASE tag shouldn't affect any HTTP header-level -Sid You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||