I updated my web security proposal with a fairly large set of changes. I removed Cross-Site Request Forgery from the scope of the proposal and will instead focus on the implementation of the Origin header. The syntax has also been expanded to allow policy creation for a larger set of content types, i.e., not just JavaScript.
