Security/CSP/Specification: Difference between revisions

Line 477: Line 477:
=HTTP Server Behavior=
=HTTP Server Behavior=


==HTTP Header Placement==
;HTTP Header Placement:
The <tt>X-Content-Security-Policy</tt> HTTP Response header should be present in the [http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 Message Headers] section of a server's HTTP response.  Specifically, it must NOT appear in the [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.40 Trailer Headers] section of the response, so that the policy may be enforced as the rest of the page content loads.  Multiple <tt>X-Content-Security-Policy</tt> Response headers will be considered; if more than one is present, the intersection of the policies is enforced.
The <tt>X-Content-Security-Policy</tt> HTTP Response header MAY be present in the [http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 Message Headers] section of a server's HTTP response.  Specifically, it MUST NOT appear in the [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.40 Trailer Headers] section of the response, so that the policy may be enforced as the rest of the page content loads.  Multiple <tt>X-Content-Security-Policy</tt> Response headers MAY be inserted.
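Review bot: the rewritten last sentence drops the rule for combining multiple headers. The previous text stated "if more than one is present, the intersection of the policies is enforced"; the new text only says "Multiple <tt>X-Content-Security-Policy</tt> Response headers MAY be inserted", which leaves a user agent with no specified behaviour when two or more headers arrive, and an implementer could just as plausibly take the first, the last, or the union, which is a weaker policy than the author of either header intended. Keep the intersection sentence (or point to wherever the combination rule now lives) so that adding a second header can only ever restrict the policy. The switch from "should be present" to "MAY be present" reads as intended RFC 2119 normalisation and is fine. Minor: the heading changes from a level-2 section (<tt>==HTTP Header Placement==</tt>) to a definition-list term (<tt>;HTTP Header Placement:</tt>), which removes it from the table of contents; confirm that matches the neighbouring subsections.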