[Webkit-unassigned] [Bug 59858] CSP: Should only honor CSP policy delivered in meta tag that is a descendent of <head>

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 23 11:03:42 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=59858

Daniel Bates <dbates at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Check whether CSP policies  |CSP: Should only honor CSP
                   |in meta tags are allowed    |policy delivered in meta
                   |outside head                |tag that is a descendent of
                   |                            |<head>
             Blocks|85558                       |

--- Comment #2 from Daniel Bates <dbates at webkit.org> ---
As of <https://w3c.github.io/webappsec-csp/2/#delivery-html-meta-element> (Editor’s Draft, 29 August 2015), we should only honor the CSP meta tag if it is a descendent of <head>.

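The placement rule in comment #2 can be checked from the page author's side. The following is an added example, not WebKit code and not part of the bug report: a Python audit that lists every CSP `<meta>` element in a document and marks whether it sits under `<head>`. The names `CSPMetaAudit` and `audit_csp_meta` are hypothetical, the sample page is constructed, and the script assumes explicit `<head>` and `<body>` tags because `html.parser` does not insert implied elements the way a browser does.

```python
from html.parser import HTMLParser

# Constructed sample page: one CSP meta inside <head>, one inside <body>.
SAMPLE = """\
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Security-Policy" content="script-src 'self'">
</head>
<body>
<div>
<meta http-equiv="content-security-policy" content="script-src *">
</div>
</body>
</html>
"""

# Void elements never stay open, so they are not pushed on the stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class CSPMetaAudit(HTMLParser):
    """Track open elements and record each CSP <meta> with its placement."""
    def __init__(self):
        super().__init__()
        self.open_elements = []
        self.findings = []  # (line, policy, honored)

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "meta" and attr.get("http-equiv", "").strip().lower() == "content-security-policy":
            honored = "head" in self.open_elements  # descendant of <head>
            self.findings.append((self.getpos()[0], attr.get("content", ""), honored))
        if tag not in VOID:
            self.open_elements.append(tag)

    def handle_endtag(self, tag):
        # Close the matching element and anything left open inside it.
        if tag in self.open_elements:
            while self.open_elements.pop() != tag:
                pass

def audit_csp_meta(html):
    parser = CSPMetaAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for line, policy, honored in audit_csp_meta(SAMPLE):
        print(f"line {line}: {'honored' if honored else 'IGNORED (outside <head>)'}: {policy}")
```

A policy reported as ignored provides no protection in a browser that follows the rule, so the fix is to move it into `<head>` or deliver it in the `Content-Security-Policy` response header.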