Re: CSP policy questions

On 10/7/10 12:45 PM, =JeffH wrote: > Ok, suppose I have this origin i wish to protect > "https://www.example.com";, the origins "http://example.com"; and > "https://example.com"; redirect to the former, I'm not sure of the relevance of the re-directs here. You don't include plain example.com in

CSP policy questions

I have question on CSP policies that I can't easily find an answer for in the spec (or I'm just blind), and also I don't have my head wrapped around all the facets of various web vulns.. Ok, suppose I have this origin i wish to protect "ht