On Tue, Jun 25, 2013 at 10:01:15AM +0300, Henri Sivonen wrote: > On Tue, Jun 25, 2013 at 6:08 AM, Brian Smith <bsm...@mozilla.com> wrote: > > At the same time, I doubt such a policy is necessary or helpful for the > > modules > > that I am owner/peer of (PSM/Necko), at least at this time. In fact, though > > I > > haven't thought about it deeply, most of the recent evidence I've observed > > indicates that such a policy would be very harmful if applied to network and > > cryptographic protocol design and deployment, at least. > > It seems to me that HTTP headers at least could use the policy. Consider: > X-Content-Security-Policy > Content-Security-Policy > X-WebKit-CSP > :-( > > In retrospect, it should have been Content-Security-Policy from the > moment it shipped on by default on the release channel and the X- > variants should never have existed.
It should have been CSP. Headers are big enough. Mike _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform