- From: Brad Hill <hillbrad@gmail.com>
- Date: Tue, 30 Dec 2014 19:31:10 +0000
- To: Craig Francis <craig@craigfrancis.co.uk>, public-webappsec@w3.org
Received on Tuesday, 30 December 2014 19:31:38 UTC
https://www.w3.org/2011/webappsec/track/issues/74 On Tue Dec 30 2014 at 10:32:17 AM Craig Francis <craig@craigfrancis.co.uk> wrote: > Hi, > > In regards to the plugin-types: > > > http://w3c.github.io/webappsec/specs/content-security-policy/#directive-plugin-types > > Google Chrome (v40) complains if you set 'none' for the plugin-types > directive (or leave it blank). > > > https://groups.google.com/a/chromium.org/d/msg/security-dev/UqCSmNUHhNg/XBlvV_E5eowJ > > I would personally prefer to have this option, so the default for the > website is to always return 'none', then plugin-types can be set as needed > (along with the object-src). > > Craig >
Received on Tuesday, 30 December 2014 19:31:38 UTC