惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Full Disclosure
The Register - Security
The Register - Security
F
Fortinet All Blogs
aimingoo的专栏
aimingoo的专栏
V
Visual Studio Blog
H
Help Net Security
S
Secure Thoughts
U
Unit 42
P
Palo Alto Networks Blog
A
About on SuperTechFans
S
Securelist
IT之家
IT之家
P
Privacy & Cybersecurity Law Blog
The Cloudflare Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
Scott Helme
Scott Helme
MyScale Blog
MyScale Blog
M
MIT News - Artificial intelligence
N
Netflix TechBlog - Medium
P
Proofpoint News Feed
T
Tor Project blog
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 聂微东
C
CERT Recently Published Vulnerability Notes
阮一峰的网络日志
阮一峰的网络日志
P
Privacy International News Feed
C
Cyber Attacks, Cyber Crime and Cyber Security
量子位
Security Latest
Security Latest
L
LangChain Blog
The Last Watchdog
The Last Watchdog
Hugging Face - Blog
Hugging Face - Blog
雷峰网
雷峰网
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
有赞技术团队
有赞技术团队
Know Your Adversary
Know Your Adversary
大猫的无限游戏
大猫的无限游戏
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
W
WeLiveSecurity
Hacker News: Ask HN
Hacker News: Ask HN
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园 - 三生石上(FineUI控件)
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
博客园 - 司徒正美
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Latest news
Latest news
S
Schneier on Security
H
Hacker News: Front Page

Recent Commits to webappsec-csp:main

Fixing 'policy' local link text. · w3c/webappsec-csp@0051d16 Fixing status. · w3c/webappsec-csp@b1de5f1 Export a dfn. · w3c/webappsec-csp@e156259 [Editorial] 'policy' is a local term, not global. (#812) · w3c/webappsec-csp@3e24aea Add "text" destination type, for JavaScript text imports · w3c/webappsec-csp@7845c09 Attach self-origin to CSP list (#805) · w3c/webappsec-csp@3a5e595 Fix algorithms called with missing parameters (#806) · w3c/webappsec-csp@a20d8fb [Editorial] Avoid nested parenthetical (#804) · w3c/webappsec-csp@8df1f5d Add 'unsafe-webtransport-hashes' keyword to connect-src (#791) · w3c/webappsec-csp@1b8a543 Add missing closing tag for section (#800) · w3c/webappsec-csp@5bc6639 [Editorial] Fix broken references to Trusted Types spec (#790) · w3c/webappsec-csp@a131bcb Apply `strict-dynamic` to inline scripts. (#787) · w3c/webappsec-csp@13c7d8e [Editorial] Reference the algorithm instead of the section for parse-… · w3c/webappsec-csp@9dd7cf1 [Editorial] Fix reference to parse-metadata in SRI (#777) · w3c/webappsec-csp@1137e96 Fix path matching in match-url-to-source-expression (#773) · w3c/webappsec-csp@97e4a82 Change CSPViolationReportBody to dictionary (#737) · w3c/webappsec-csp@a441899 Further clarify post-request check (#730) · w3c/webappsec-csp@7690298 Fix URL in report-uri request (#731) · w3c/webappsec-csp@5c12cbb [Editorial] Fix missing input param of match-response-source-list (#732) · w3c/webappsec-csp@7092cef
[Editorial] Compare origins with 'same origin', not 'is'. · w3c/webappsec-csp@4e01ae7
mikewest · 2026-05-05 · via Recent Commits to webappsec-csp:main
Original file line numberDiff line numberDiff line change

@@ -4150,7 +4150,7 @@ Content-Type: application/reports+json

41504150

4. If |expression| is an <a>ASCII case-insensitive</a> match for "`'self'`",

41514151

return "`Matches`" if one or more of the following conditions is met:

41524152
4153-

1. |origin| is the same as |url|'s <a for="url">origin</a>

4153+

1. |origin| and |url|'s [=url/origin=] are [=same origin=]

41544154
41554155

2. |origin|'s {{URL/host}} is the same as |url|'s {{URL/host}},

41564156

|origin|'s {{URL/port}} and |url|'s {{URL/port}} are either the same