Details on Product CSP Level 3

Open, Raised and Pending Review Issues

New issues for this product are notified to (change it).

There are 11 open and raised issues listed in the system.

ID State Title Raised on Product Open Actions
ISSUE-34 (edit) OPEN Discuss use cases / risks of script access to CSP information, solicit specific public comment on this feature with FPWD 2012-11-02 CSP Level 3 0
ISSUE-57 (edit) OPEN Do we want to control popups, if so, how? 2014-02-10 CSP Level 3 0
ISSUE-64 (edit) OPEN Csp3 how to deal with large policies needed by single-page webapps ( 2014-08-27 CSP Level 3 0
ISSUE-67 (edit) OPEN WebRTC via 'connect-src'? 2014-09-03 CSP Level 3 0
ISSUE-68 (edit)
401 prompting by subresources
OPEN How to manage 401 phishing prompts by subresources 2014-10-27 CSP Level 3 0
ISSUE-66 (edit) RAISED No-external-navigation as potential csp3 feature 2014-08-27 CSP Level 3 0
ISSUE-69 (edit)
Overt channel control in CSP
RAISED Consider directives to manage postMessage and external navigation of iframes 2014-10-28 CSP Level 3 0
ISSUE-70 (edit)
Using ni:/// as CSP source
RAISED Investigate using ni:/// as a CSP source expression 2014-11-04 CSP Level 3 0
ISSUE-71 (edit)
JSONP directives
RAISED Consider directives in CSP Level 3 to reduce attack surface of legacy JSONP interaces 2014-11-04 CSP Level 3 0
ISSUE-73 (edit)
CSP path matching
RAISED Consider allowing relative paths (to 'self') in source productions 2014-12-30 CSP Level 3 0
ISSUE-74 (edit)
plugin-types 'none'
RAISED allow explicitly setting the 'none' keyword source for plugin-type directive 2014-12-30 CSP Level 3 0

Open Actions

There are 10 open and pending review actions.

ID State Title Person Due Date Associated with
ACTION-141 (edit) open CSP Next: Update default-src language to be more future-proof Mike West 2015-01-31 CSP Level 3
ACTION-144 (edit) open CSP Next: Propose text on layering of fetch context types with CSP directives Mike West 2015-01-31 CSP Level 3
ACTION-164 (edit) open CSP Next: Integrate mnot's cookie scope proposal. Mike West 2015-01-31 CSP Level 3
ACTION-172 (edit) open Review servicewoker issues relevant to csp from github Mike West 2015-01-31 CSP Level 3
ACTION-182 (edit) open Make sure blob origin is discussed further on list Brad Hill 2014-11-17 CSP Level 3
ACTION-186 (edit) open Do more research on preventing 401 attach Brad Hill 2015-01-31 CSP Level 3
ACTION-188 (edit) open Evaluate json-src Mike West 2015-01-31 CSP Level 3
ACTION-189 (edit) open Evaluate script-ancestors Mike West 2015-01-31 CSP Level 3
ACTION-192 (edit) open Evaluate control over nesting depth. Mike West 2014-11-03 CSP Level 3
ACTION-198 (edit) open Take bookmarklets discussion back to the list Brad Hill 2014-11-17 CSP Level 3

Add a new action item.

See all issues and actions for this product.

Daniel Veditz <>, Mike West <>, Chairs, Wendy Seltzer <>, Samuel Weiler <>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <>.
$Id: index.html,v 1.1 2020/01/17 08:52:52 carcone Exp $