Remove the requirement to fail obnoxiously when receiving a header containing a
authorAdam Barth <w3c@adambarth.com>
Fri, 18 May 2012 12:42:59 -0700
changeset 11792b2fc38ee2e
parent 116 f0931d0ab6eb
child 118 7e066a2ccb94
Remove the requirement to fail obnoxiously when receiving a header containing a
comma. Now that we're using the 1#policy ABNF, the requirements in the HTTP
spec will automagically split the header field value on "," for us.
csp-1.0-specification.html
csp-specification.dev.html
     1.1 --- a/csp-1.0-specification.html	Fri May 18 12:25:50 2012 -0700
     1.2 +++ b/csp-1.0-specification.html	Fri May 18 12:42:59 2012 -0700
     1.3 @@ -328,10 +328,6 @@
     1.4            the following:</p>
     1.5  
     1.6            <ol>
     1.7 -            <li>If the policy contains a U+002C COMMA (<code>,</code>)
     1.8 -            character, return a single directive with name
     1.9 -            <code>default-src</code> and value <code>'none'</code>.
    1.10 -
    1.11              <li>Let the <var>set of directives</var> be the empty set.</li>
    1.12  
    1.13              <li>For each non-empty token returned by <a
     2.1 --- a/csp-specification.dev.html	Fri May 18 12:25:50 2012 -0700
     2.2 +++ b/csp-specification.dev.html	Fri May 18 12:42:59 2012 -0700
     2.3 @@ -404,10 +404,6 @@
     2.4            the following:</p>
     2.5  
     2.6            <ol>
     2.7 -            <li>If the policy contains a U+002C COMMA (<code>,</code>)
     2.8 -            character, return a single directive with name
     2.9 -            <code>default-src</code> and value <code>'none'</code>.
    2.10 -
    2.11              <li>Let the <var>set of directives</var> be the empty set.</li>
    2.12  
    2.13              <li>For each non-empty token returned by <a