Page history
23 July 2009
→Directives: added font-src and xhr-source to directive descriptions
+579
→Formal Policy Syntax: added font-src to directives
+36
→Violation Report Syntax: -- defined mime type for violation report
+82
→Violation Report Syntax: added original policy to report URI
+328
→Source Expression List
m−123
→Directives
m+10
→No inline scripts will execute
m+27
→Formal Policy Syntax: updated syntax to permit hostless schemes
+9
→Source Expression List: added description of host-less schemes, removed "context-aware" support for 'self'
−346
22 July 2009
→No data: URIs unless opted-in to via explicit policy
m+1
→Formal Policy Syntax: no "*" for scheme
−29
→Source Expression List: no more scheme wildcards
−560
→Sample Policy Definitions: nuked meta stuff
−393
→Activation and Enforcement
m−242
→Restrictions on policy-uri and report-uri
m−17
→Activation and Enforcement: nuked meta support, added notion of multiply defined policy headers (multiple X-CSP headers in one response)
−678
9 July 2009
8 July 2009
7 July 2009
→Handling Parse Errors
m+5
→User-Agent and Other Client-Side Considerations
m+114
→Violation Report Syntax: added submit method (POST) details
+107
→Violation Report Syntax
m+54
→Restrictions on policy-uri and report-uri
m+21
→Data Leak Vectors
m+21
→Violation Report Syntax
m−15
→Violation Report Sample
m+208
→Formal Policy Syntax
m+59
→Source Expression List: added scheme/port wildcard descriptions
+932
→Source Expression List
m−2
→"self" Source Expression Keyword
m+2
→Valid Source Expression Keywords
m+2
→Sample Policy Definitions
m+4
→Sample Policy Definitions
m+4
→Formal Policy Syntax
m+1
→Valid Source Expression Keywords: made detailed description of "self"
+913
→Formal Policy Syntax: moved "self" to be a hostname
m+33
→Hostname Wildcards: now wildcard means zero or more labels
+59
→Meta Tag Placement
m+166
→frame-ancestors: clarified what ancestors are, added "object" as a way to embed HTML
+294
→style-src
m−166
6 July 2009
→policy-uri: added details about relative URIs for this directive
+122
→report-uri: added info about relative URIs in this directive
+176
→style-src
+122