canmove, Confirmed users
1,537
edits
Talk:Security/CSP/Spec: Difference between revisions
m
→"font-src" directive (CLOSED)
| Line 127: | Line 127: | ||
This sounds to me like over-complication. What's the use case? -- [[User:Gerv|Gerv]] | This sounds to me like over-complication. What's the use case? -- [[User:Gerv|Gerv]] | ||
== "font-src" | == "font-src" and "xhr-src" directives (<span style="color:red;">CLOSED</span>)== | ||
Should there be a "font-src" restriction? -EricLaw | Should there be a "font-src" restriction? -EricLaw | ||
| Line 133: | Line 133: | ||
Good question. Right now fonts are subject to the "allow" catch-all directive, and loading third-party fonts requires loosening that restriction. Perhaps we should discuss adding such a directive as well as an xhr-source directive (for when cross-site xhr explodes). -[[User:Sidstamm|Sid]] | Good question. Right now fonts are subject to the "allow" catch-all directive, and loading third-party fonts requires loosening that restriction. Perhaps we should discuss adding such a directive as well as an xhr-source directive (for when cross-site xhr explodes). -[[User:Sidstamm|Sid]] | ||
I think we should do this, since fonts are a whole new beast. Marking this as closed; reopen if there's an objection. | I think we should do this, since fonts are a whole new beast. Marking this as closed; reopen if there's an objection. I'm also adding an XHR-src. | ||
-[[User:Sidstamm|Sid]] | -[[User:Sidstamm|Sid]] | ||