The next iteration of CSP is far enough along to discuss. I'd appreciate it if you'd give feedback on https://w3c.github.io/webappsec-csp/ :)
@mikewest 6.1.11.3 step 3.8 is fail-open instead of fail-secure for redirects? one open redirect in source list and the paths lose effect?
@tehjh: Same behavior as CSP2. I need to move http://www.w3.org/TR/CSP2/#source-list-paths-and-redirects … into the security considerations section. ( https://github.com/w3c/webappsec-csp/issues/46 … )