- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 6 May 2013 09:50:34 -0700
- To: Mike West <mkwst@google.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Sun, May 5, 2013 at 2:42 AM, Mike West <mkwst@google.com> wrote: > Consistent with the conversation in April's F2F, I've changed the 1.1 spec > to require that cross-origin violation reports are sent without cookies: > https://dvcs.w3.org/hg/content-security-policy/rev/788b0b653c39 > > I believe we'd reached consensus on that point, but I might have missed some > nuance over the phone. I'm happy to revert if there are objections. The intranet concern was not considered problematic? -- http://annevankesteren.nl/
Received on Monday, 6 May 2013 16:51:04 UTC