[Webkit-unassigned] [Bug 59858] CSP: Should only honor CSP policy delivered in meta tag that is a descendent of <head>

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 23 11:03:42 PDT 2016


Daniel Bates <dbates at webkit.org> changed:

           What    |Removed                     |Added
            Summary|Check whether CSP policies  |CSP: Should only honor CSP
                   |in meta tags are allowed    |policy delivered in meta
                   |outside head                |tag that is a descendent of
                   |                            |<head>
             Blocks|85558                       |

--- Comment #2 from Daniel Bates <dbates at webkit.org> ---
As of <https://w3c.github.io/webappsec-csp/2/#delivery-html-meta-element (Editor’s Draft, 29 August 2015), we should only honor the CSP meta tag if it is a descendent of <head>.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160323/83e410ce/attachment.html>

More information about the webkit-unassigned mailing list