On Tue, Jun 25, 2013 at 6:08 AM, Brian Smith <bsm...@mozilla.com> wrote: > At the same time, I doubt such a policy is necessary or helpful for the > modules > that I am owner/peer of (PSM/Necko), at least at this time. In fact, though I > haven't thought about it deeply, most of the recent evidence I've observed > indicates that such a policy would be very harmful if applied to network and > cryptographic protocol design and deployment, at least.
It seems to me that HTTP headers at least could use the policy. Consider: X-Content-Security-Policy Content-Security-Policy X-WebKit-CSP :-( In retrospect, it should have been Content-Security-Policy from the moment it shipped on by default on the release channel and the X- variants should never have existed. Also: https://tools.ietf.org/html/rfc6648 -- Henri Sivonen hsivo...@hsivonen.fi http://hsivonen.iki.fi/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
