ISSUE-74: allow explicitly setting the 'none' keyword source for plugin-type directive

plugin-types 'none'

State: RAISED
Product: CSP Level 3
Raised by: Brad Hill
Opened on: 2014-12-30
Description:
Craig Francis (craig@craigfrancis.co.uk) to public-webappsec

Hi,

In regards to the plugin-types:

http://w3c.github.io/webappsec/specs/content-security-policy/#directive-plugin-types

Google Chrome (v40) complains if you set 'none' for the plugin-types directive (or leave it blank).

https://groups.google.com/a/chromium.org/d/msg/security-dev/UqCSmNUHhNg/XBlvV_E5eowJ

I would personally prefer to have this option, so the default for the website is to always return 'none', then plugin-types can be set as needed (along with the object-src).