On 21/10/09 17:25, Sid Stamm wrote:
> Additional Directives are not a problem either, unless they're mandatory
> for all policies (which is not the case ... yet).  I'm still more in
> favor of extension via new directives than extension by modifying
> existing ones: this seems more obviously backward compatible and in
> reality probably more forward compatible too.

Ideally, this would always be the case. And the thinking that's going into the modularization should help us to correctly separate concerns.

> Right.  This was proposed a while back (I don't recall the thread off
> hand) as one header to convey all relevant security policies.  Something
> like Accept-Policies I think.  If we want to turn CSP into that, we
> could, but it surely wasn't designed from the ground up with that in mind.

I think the name "Content Security Policy" is generic enough already :-)

Gerv
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
