Security/CSP/Spec: Difference between revisions

Jump to navigation Jump to search

Security/CSP/Spec (view source)

Revision as of 23:38, 28 September 2009

No change in size ,  28 September 2009
m
→‎policy-uri
Line 284: Line 284:
* Indicates the location of a file containing the security policies for the protected resource.
* Indicates the location of a file containing the security policies for the protected resource.
* <tt>policy-uri</tt> should only be defined in the absence of other policy definitions in the <tt>X-Content-Security-Policy</tt> HTTP header.  If <tt>policy-uri</tt> is defined among other directives in the header, a [[Security/CSP#Error_Handling|console error]] is raised and the policy enforced by CSP is the most restrictive policy: "allow none".
* <tt>policy-uri</tt> should only be defined in the absence of other policy definitions in the <tt>X-Content-Security-Policy</tt> HTTP header.  If <tt>policy-uri</tt> is defined among other directives in the header, a [[Security/CSP#Error_Handling|console error]] is raised and the policy enforced by CSP is the most restrictive policy: "allow none".
* Policy URIs must be of the same source (scheme/host/port) as the protected content. Relative URIs are acceptable, and are resolved within the same scheme, host and port as the document served with the CSP.
* Policy URIs must be of the same origin (scheme/host/port) as the protected content. Relative URIs are acceptable, and are resolved within the same scheme, host and port as the document served with the CSP.


==Source Expression List==
==Source Expression List==
Sidstamm
canmove, Confirmed users
1,537

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/171735"

Navigation menu