
[CSP] specify handling of malformed content-security-policy HTTP header #6

Open

Description

@mikewest

From @shekyan on October 2, 2015 23:31

Section 3.1 should be explicit about how the user agent should behave in the context of a malformed content-security-policy header.
For example, an unknown directive, non-ASCII characters, or multiple 'none' keywords in a source-expression do not match the 'policy-token' grammar.

We suggest treating these headers as either default-src 'none' or default-src 'self'.

Copied from original issue: w3c/webappsec#495
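A validator that flags the three malformed cases the issue names (unknown directive, non-ASCII bytes, a repeated 'none') and applies the proposed fallback, as an added example that is not part of the issue or of the spec; the directive set and source grammar are a constructed, simplified subset of CSP level 2, and the fallback policy is a parameter so either of the two suggested options can be chosen:

```python
import re
# Constructed subset of CSP directive names for this example (the spec's list is
# longer); only directives that take a source list have their values checked.
SOURCE_LIST_DIRECTIVES = {
    "default-src", "script-src", "style-src", "img-src", "connect-src", "font-src",
    "object-src", "media-src", "frame-src", "child-src", "frame-ancestors",
    "base-uri", "form-action", "worker-src",
}
OTHER_DIRECTIVES = {"sandbox", "report-uri", "report-to", "upgrade-insecure-requests"}
KEYWORDS = {"'self'", "'unsafe-inline'", "'unsafe-eval'", "'strict-dynamic'"}
NONCE_OR_HASH = re.compile(r"^'(?:nonce-[A-Za-z0-9+/=_-]+|sha(?:256|384|512)-[A-Za-z0-9+/=]+)'$")
SCHEME_SOURCE = re.compile(r"^[a-z][a-z0-9+.-]*:$", re.I)
HOST_SOURCE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?(?:\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)"
                         r"(?::(?:\d+|\*))?(?:/[^\s;,]*)?$", re.I)

def validate_policy(header: str) -> list:
    """Return the grammar violations found in a CSP header value ([] = well-formed)."""
    if not header.isascii():
        return ["non-ASCII characters in header value"]
    problems = []
    for raw in header.split(";"):
        parts = raw.split(None, 1)
        if not parts:                       # empty slot, e.g. a trailing ';'
            continue
        name, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if name not in SOURCE_LIST_DIRECTIVES | OTHER_DIRECTIVES:
            problems.append(f"unknown directive {name!r}")
        elif name in SOURCE_LIST_DIRECTIVES:
            sources = value.split()
            if "'none'" in sources and len(sources) > 1:
                # The grammar admits 'none' only on its own, so a repeated 'none'
                # (or 'none' beside another source) does not parse.
                problems.append(f"{name}: 'none' must be the only source expression")
                continue
            for src in sources:
                if not (src in KEYWORDS or src == "'none'" or NONCE_OR_HASH.match(src)
                        or SCHEME_SOURCE.match(src) or HOST_SOURCE.match(src)):
                    problems.append(f"{name}: unparseable source expression {src!r}")
    return problems

def effective_policy(header: str, fallback: str = "default-src 'none'") -> str:
    """Apply the issue's proposal: a malformed header is replaced wholesale by a fixed
    fallback (default-src 'none' here; default-src 'self' is the other option raised)."""
    return fallback if validate_policy(header) else header.strip()
```

Note that current CSP implementations instead ignore an unrecognised directive and enforce the rest of the policy; the wholesale fallback here is the behaviour this issue asks the spec to consider, not what browsers do today.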


Labels: clarification (The standard is unclear or ambiguous), interop (Implementations are not interoperable with each other)
