On Tue, Oct 20, 2009 at 12:50 PM, Devdatta <[email protected]> wrote:
> Regarding History enumeration -- I don't see why it should be part
> of CSP. A separate header - X-Safe-History can be used.

I think one of the goals of CSP is to avoid having one-off HTTP
headers for each threat we'd like to mitigate.  Combining different
directives into a single policy mechanism has advantages:

1) It's easier for web site operators to manage one policy.
2) The directives can share common infrastructure, like the reporting
facilities.

Adam
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
