canmove, Confirmed users
637
edits
Talk:Security/CSP/Spec: Difference between revisions
→What does 'self' represent? (OPEN)
| Line 68: | Line 68: | ||
"self" is defined as the scheme/host/port (origin) in the prose, but the flowchart defines it as document.domain. Which is it? -EricLaw | "self" is defined as the scheme/host/port (origin) in the prose, but the flowchart defines it as document.domain. Which is it? -EricLaw | ||
document.domain is evil, we should ignore it completely everywhere we can. -dveditz | |||
"self" is scheme/host/port (origin). The flow chart is wrong and has been repaired. -[[User:Sidstamm|Sid]] | "self" is scheme/host/port (origin). The flow chart is wrong and has been repaired. -[[User:Sidstamm|Sid]] | ||
On the same topic, do we want "self" to represent different things in different contexts or not? Should "http://self:80" be valid? Should "self:443" be valid? Should we only accept "self" alone with no scheme or port? -[[User:Sidstamm|Sid]] | On the same topic, do we want "self" to represent different things in different contexts or not? Should "http://self:80" be valid? Should "self:443" be valid? Should we only accept "self" alone with no scheme or port? -[[User:Sidstamm|Sid]] | ||
I really hate using self as a pseudo-host; either it's a keyword or it's not. "self" is same-origin with the page, otherwise it's easy to specify myhost.com:333 or ftp://myhost.com -dveditz | |||
Would it be difficult to implement an intelligent "self" that was the same as the current URL for all unspecified bits? So it just Did The Right Thing? -- [[User:Gerv|Gerv]] | Would it be difficult to implement an intelligent "self" that was the same as the current URL for all unspecified bits? So it just Did The Right Thing? -- [[User:Gerv|Gerv]] | ||