Update Note on Request Destination / CSP directive · whatwg/fetch#1466

(6 留言) (0 反應) (0 負責人)HTML (2,051 star) (394 fork)batch import

clarificationgood first issue

描述

https://fetch.spec.whatwg.org/#concept-request-destination shows the CSP directive for a specific destination. I think that list needs to be updated to Content Security Policy Level 3. For example the destination "script" should now be "script-src-elem". (ref https://w3c.github.io/webappsec-csp/#effective-directive-for-a-request)

技術棧: htmljavascript
領域: frontendsecuritydocumentation
議題類型: documentation
難度: 3
預計時間: 1-3 hours
活動狀態: stale
清晰度: clear
前置要求: Basic understanding of Fetch StandardFamiliarity with CSP Level 3
新手友善度: 60
研究方向: The issue requests updating the table of request destination to CSP directive mappings in the Fetch Standard to align with CSP Level 3. Specifically, the destination "script" should map to "script src elem" instead of "script src". Refer to the CSP specification at https://w3c.github.io/webappsec csp/#effective directive for a request for the updated mappings. The change is localized to the relevant section in the Fetch Standard source file (likely in the HTML spec). The issue has been open since July 2022 with 6 comments, indicating some discussion but no resolution yet.