Problem
Several active Apps discussions suggest broad-breaking changes (e.g., security-sensitive CSP issues), which would require coordination among several hosts and hundreds of apps.
Examples:
- unsafe-eval #199 tracks unsafe-eval / Three.js behavior and the gap between strict spec CSP and permissive reference-host behavior.
- wasm-unsafe-eval CSP directive to enable WebAssembly in MCP Apps #605 / feat: add wasm-unsafe-eval CSP option #667 add explicit wasm-unsafe-eval support for WebAssembly compilation.

The spec doesn't have a defined process for introducing breaking changes, which may require broader migration planning, host coordination, compatibility windows, or versioning.
Why this matters
The spec's ability to evolve is limited so long as we're unable to change the behavior in a responsible manner.
Desired Outcome
Define a process that allows hosts and servers to reasonably adopt spec changes without breaking.