"should X be blocked" is a bad pattern #1714
Comments
Makes all sense to me. For CSP: For 3. I already have a draft PR to fix the headings problems in w3c/webappsec-csp#621. For 2., I was already struggling before. The wording 'if the result of determining whether response should be blocked by Content Security Policy given response is "Allowed"' sounds overly elaborate. If we change the result types into true or false from infra, could we just call 'if response is blocked by Content Security Policy'? And define something like
Yeah, I think that's workable. I'm not sure if Should we change CSP and Mixed Content first and then Fetch? I think that makes the most sense given the dependencies or am I missing something?
Sounds good. I'll try to move forward with the CSP change.
I made progress on CSP w3c/webappsec-csp#621. One thing: I realized that the various "is request blocked" algorithms actually have side effects (reporting violations), hence, opposite to what I was proposing before, I have the impression that a more verbose formulation (calling "if determining whether response is blocked by Content Security Policy given response returns true") is more appropriate, since it emphasises that the algorithm does more than just returning a boolean.
Sounds reasonable, though if you pass response at the end the definition name should have "a response" in it I think.
What is the issue with the Fetch Standard?
Ideally we'd change Fetch, CSP, and Mixed Content around the same time so we can have this continue to be somewhat consistent.
Maybe something like:
@antosart @carlosjoan91 thoughts?