Update Note on Request Destination / CSP directive · whatwg/fetch#1466

(6 comments) (0 reactions) (0 assignees)HTML (2,051 stars) (394 forks)batch import

clarificationgood first issue

説明

https://fetch.spec.whatwg.org/#concept-request-destination shows the CSP directive for a specific destination. I think that list needs to be updated to Content Security Policy Level 3. For example the destination "script" should now be "script-src-elem". (ref https://w3c.github.io/webappsec-csp/#effective-directive-for-a-request)

技術スタック: htmljavascript
領域: frontendsecuritydocumentation
Issue 種別: documentation
難度: 3
推定時間: 1-3 hours
活動状況: stale
明確さ: clear
前提条件: Basic understanding of Fetch StandardFamiliarity with CSP Level 3
初心者向け度: 60
調査方針: The issue requests updating the table of request destination to CSP directive mappings in the Fetch Standard to align with CSP Level 3. Specifically, the destination "script" should map to "script src elem" instead of "script src". Refer to the CSP specification at https://w3c.github.io/webappsec csp/#effective directive for a request for the updated mappings. The change is localized to the relevant section in the Fetch Standard source file (likely in the HTML spec). The issue has been open since July 2022 with 6 comments, indicating some discussion but no resolution yet.