Security/CSP/Spec: Difference between revisions

→‎Directives: added font-src and xhr-source to directive descriptions
(→‎Formal Policy Syntax: added font-src to directives)
(→‎Directives: added font-src and xhr-source to directive descriptions)
Line 238: Line 238:
* Frame content from non-approved sources will not be requested or loaded.
* Frame content from non-approved sources will not be requested or loaded.
* If frame-src is not explicitly specified, frame requests are subject to the allow directive.
* If frame-src is not explicitly specified, frame requests are subject to the allow directive.
===font-src===
* Indicates which sources are valid for <tt>@font-src</tt> CSS loads.
* Fonts served from non-approved sources must not be requested for use as a font in CSS.
* If font-src is not explicitly specified, requests by <tt>@font-src</tt> are subject to the allow directive.
===xhr-src===
* Indicates which sources are valid for <tt>XMLHttpRequest</tt> connections.
* XMLHttpRequests may not be opened to sources not permitted by this directive.
* If xhr-src is not explicitly specified, requests by <tt>XMLHttpRequest</tt> objects are subject to the allow directive.


===frame-ancestors===
===frame-ancestors===
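Review bot: In the added font-src section, the first and third bullets refer to <tt>@font-src</tt>, which is not a CSS at-rule; CSS loads fonts through <tt>@font-face</tt>, so both bullets should name that rule instead. The edit summary also says "xhr-source" while the heading and bullets use xhr-src; keep the directive name consistent so implementers do not treat them as two tokens. The enforcement wording differs between the new sections ("must not be requested", "may not be opened") and the existing frame-src text ("will not be requested or loaded"); pick one normative form, and for xhr-src state whether the block applies when the connection is opened or when the request is sent. The two blank lines added before frame-ancestors can be dropped.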