Security/CSP/Spec: Difference between revisions

Security/CSP/Spec (view source)

493 bytes added , 5 August 2009

canmove, Confirmed users

1,537

edits

Revision as of 18:28, 23 July 2009 (view source) Sidstamm (talk \| contribs) (→‎Activation and Enforcement) ← Older edit		Revision as of 21:58, 5 August 2009 (view source) Sidstamm (talk \| contribs) (→‎User-Agent and Other Client-Side Considerations) Newer edit →
Line 414:		Line 414:

	; User Scripts : CSP should not interfere with the operation of user-supplied scripts (such as browser add-ons).		; User Scripts : CSP should not interfere with the operation of user-supplied scripts (such as browser add-ons).

			; Redirects to Content : When a resource is requested from a URI ''X[0]'' protected by a policy ''CSP'', that resource's URI is only loaded if permitted by ''CSP''. If the URI ''X[0]'' resolves to an HTTP redirect of any kind (temporary or permanent) the new URI ''X[1]'' is also required to be permitted by the policy ''CSP''. The effect is that all requests generated by the document must be permitted by the CSP whether they are the initial request or the steps taken during a redirect.