https://github.com/mikewest/csp-next … is a thought experiment: what if we broke CSP in half, removed some esoteric options, and built policy primitives that specifically targeted XSS on the one hand, and resource confinement on the other?
-
I'm not actually convinced this is worth us collectively spending time on (CSP _exists_, after all, and there are pressing problems), but some conversation with clever folks like @arturjanc, @we1x, and @mikispag makes it clear that this is at least worth discussing a bit. WDYT?
-
(Also, this was just a fun way to procrastinate a bit on the 17 other things I'm supposed to be doing this week.)
-
Why not call it fetch policy (or is the plan to do confinement but fetch is a starting point)? Cool to see confinement maybe making it back in some form though!
-
"Fetch Policy" assumes that developers know what Fetch is. And I'm not sure they do? "Confinement" is likely the wrong word. @johnwilander has suggested something around "architecture" for years. Maybe that's a better direction?