ACTION-38: Record that ISPs should not mess with CSP, and if you are worried about this, you should do HTTPS.

Record that ISPs should not mess with CSP, and if you are worried about this, you should do HTTPS.

State:: closed
Person:: Brandon Sterne
Due on:: January 10, 2012
Created on:: January 3, 2012
Related emails:: No related emails

Related notes:

Executed by Abarth. Brandon to review.

Eric Rescorla, 17 Jan 2012, 22:21:03

http://dvcs.w3.org/hg/content-security-policy/rev/f15a0c98899c

Adam Barth, 17 Jan 2012, 22:45:52

Looks good. Here is a citation we could potentially use:
http://engineering.twitter.com/2011/03/improving-browser-security-with-csp.html

Brandon Sterne, 31 Jan 2012, 00:23:22

Display change log.

Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 38.html,v 1.1 2020/01/17 08:51:53 carcone Exp $