Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Delegate srcdoc's CSP list initialization to CSP. #2599

Closed
wants to merge 1 commit into from
Closed

Delegate srcdoc's CSP list initialization to CSP. #2599

wants to merge 1 commit into from

Conversation

mikewest
Copy link
Member

@mikewest mikewest commented Apr 27, 2017
edited by pr-preview bot
Loading

Following up on w3c/webappsec-csp#210, this patch simplifies
the integration point between HTML and CSP, delegating the functionality entirely to
the latter.

💥 Error: Wattsi server error 💥

PR Preview failed to build. (Last tried on Jan 15, 2021, 7:57 AM UTC).

More

PR Preview relies on a number of web services to run. There seems to be an issue with the following one:

🚨 Wattsi Server - Wattsi Server is the web service used to build the WHATWG HTML spec.

🔗 Related URL

Command failed: /home/noderunner/wattsi/bin/wattsi /tmp/upload_23efd8e334c28c650f9bbb8e460aa1dd (sha not provided) uyl0eqm278a default /tmp/upload_07256f419f83768ebd016976bc9ea77c

If you don't have enough information above to solve the error by yourself (or to understand to which web service the error is related to, if any), please file an issue.

@mikewest
Delegate srcdoc's CSP list initialization to CSP.
80f6608 
Following up on w3c/webappsec-csp#210, this patch simplifies
the integration point between HTML and CSP, delegating the functionality entirely to
the latter.
annevk
annevk reviewed Apr 27, 2017
View reviewed changes
source
<li><p>Execute the <span>Initialize a <code data-x="">global object</code>'s CSP list</span>
algorithm on <var>worker global scope</var> and <var>response</var>. <ref spec="CSP"></p></li>
<li><p>Execute the <span>Initialize a worker's CSP list</span> algorithm on <var>worker global
scope</var> and <var>response</var>. <ref spec="CSP"></p></li>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In w3c/webappsec-csp#210 it seems this algorithm also takes an owner.

@domenic
Copy link
Member

domenic commented May 10, 2017

Marking "do not merge yet" given it's dependent on a CSP PR.

@domenic domenic added the do not merge yet Pull request must not be merged per rationale in comment label May 10, 2017
@annevk
Copy link
Member

annevk commented May 11, 2017

I'm no longer sure this is the way to go by the way. Does this mean that if a parent changes policy the srcdoc document inherits? Is that what we want?

Base automatically changed from master to main January 15, 2021 07:57
@annevk
Copy link
Member

annevk commented Apr 28, 2021

Let's consider this superseded by #6504.

@annevk annevk closed this Apr 28, 2021
@annevk annevk deleted the fix-209 branch April 28, 2021 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@annevk annevk annevk left review comments

Assignees
No one assigned
Labels
do not merge yet Pull request must not be merged per rationale in comment
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mikewest @domenic @annevk