
allow secure variant of scheme when only insecure is given #91

Closed
michaelficarra opened this issue Oct 29, 2015 · 5 comments

Comments

@michaelficarra
Member

See recent spec change here: w3c/webappsec-csp#25 (comment)

@shekyan
Collaborator

shekyan commented Oct 31, 2015

Actually, this is going to be a CSP3 feature. We have an option to either branch, or have the same code base for all versions with an upper version specifier.

@michaelficarra
Member Author

I think we should just track the most recent version, as is done with most tooling for web features.

@shekyan
Collaborator

shekyan commented Oct 31, 2015

Then we also need to support directives that exist in the most recent version.

@shekyan shekyan self-assigned this Oct 31, 2015
@shekyan
Collaborator

shekyan commented Oct 31, 2015

6.1.10.3, 3, 2: If expression does not have a scheme-part ... changes the assumption that missing scheme in source-expression is http.
There are more changes from level 2.
We definitely need to discuss how to combine level 3 with what we already have.

@shekyan
Collaborator

shekyan commented Feb 17, 2016

example:

```java
Policy p = Parser.parse("script-src a;", "http://example.com");
p.allowsScriptFromSource(Uri.parse("https://a")); // should be true, currently false
```
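
The matching rule this issue asks for, sketched as an added example (not this project's code; the class and method names are hypothetical). It assumes the CSP Level 3 behaviour discussed in the thread: a policy scheme also matches its secure variant (`http` to `https`, `ws` to `wss`), never the reverse, and a source expression without a scheme is checked against the protected page's scheme instead of being treated as `http`. Ports, paths and wildcards are left out.

```java
import java.net.URI;
import java.util.Locale;

public class SchemeUpgradeMatch {
    // True when URL scheme `b` equals policy scheme `a` or is the secure variant of it.
    static boolean schemePartMatches(String a, String b) {
        a = a.toLowerCase(Locale.ROOT);
        b = b.toLowerCase(Locale.ROOT);
        return a.equals(b)
            || (a.equals("http") && b.equals("https"))
            || (a.equals("ws") && b.equals("wss"));
    }

    // Host-source check narrowed to scheme and exact host (assumption: no port, path, wildcard).
    static boolean hostSourceMatches(String expr, URI origin, URI url) {
        if (url.getScheme() == null || url.getHost() == null) return false;
        String exprScheme = null;
        String exprHost = expr;
        int sep = expr.indexOf("://");
        if (sep >= 0) {
            exprScheme = expr.substring(0, sep);
            exprHost = expr.substring(sep + 3);
        }
        // No scheme in the expression: fall back to the protected page's scheme.
        String required = (exprScheme != null) ? exprScheme : origin.getScheme();
        if (!schemePartMatches(required, url.getScheme())) return false;
        return exprHost.equalsIgnoreCase(url.getHost());
    }

    static void show(String label, boolean result) {
        System.out.println(label + " -> " + result);
    }

    public static void main(String[] args) {
        URI httpPage = URI.create("http://example.com");   // constructed sample origins
        URI httpsPage = URI.create("https://example.com");
        // The case from this issue: scheme-less source, http page, https resource.
        show("a | http page | https://a", hostSourceMatches("a", httpPage, URI.create("https://a")));
        // Downgrade: scheme-less source on an https page, http resource.
        show("a | https page | http://a", hostSourceMatches("a", httpsPage, URI.create("http://a")));
        // Explicit insecure scheme in the policy, secure resource.
        show("http://a | https://a", hostSourceMatches("http://a", httpsPage, URI.create("https://a")));
        // Explicit secure scheme in the policy, insecure resource.
        show("https://a | http://a", hostSourceMatches("https://a", httpPage, URI.create("http://a")));
        // WebSocket pair.
        show("ws://a | wss://a", hostSourceMatches("ws://a", httpPage, URI.create("wss://a")));
    }
}
```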
