On Nov 25, 2:43 pm, Gervase Markham <[EMAIL PROTECTED]> wrote: > What do you mean by "CSP responses to clients that don't support it"? > What is a "CSP response"? CSP is not supposed to make page authors do > anything different, it's supposed to cover their asses when they mess > up. Relying on CSP is using it for something it's not designed for. > > bsterne - I'm not talking crack, right?
I think what Lucas is saying is that servers won't send policy to clients who don't announce that they support CSP. -Brandon _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security