Update Note on Request Destination / CSP directive · whatwg/fetch#1466

(6 评论) (0 反应) (0 负责人)HTML (2,051 star) (394 fork)batch import

clarificationgood first issue

描述

https://fetch.spec.whatwg.org/#concept-request-destination shows the CSP directive for a specific destination. I think that list needs to be updated to Content Security Policy Level 3. For example the destination "script" should now be "script-src-elem". (ref https://w3c.github.io/webappsec-csp/#effective-directive-for-a-request)

技术栈: htmljavascript
领域: frontendsecuritydocumentation
议题类型: documentation
难度: 3
预计时间: 1-3 hours
活动状态: stale
清晰度: clear
前置要求: Basic understanding of Fetch StandardFamiliarity with CSP Level 3
新手友好度: 60
研究方向: The issue requests updating the table of request destination to CSP directive mappings in the Fetch Standard to align with CSP Level 3. Specifically, the destination "script" should map to "script src elem" instead of "script src". Refer to the CSP specification at https://w3c.github.io/webappsec csp/#effective directive for a request for the updated mappings. The change is localized to the relevant section in the Fetch Standard source file (likely in the HTML spec). The issue has been open since July 2022 with 6 comments, indicating some discussion but no resolution yet.