惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

量子位
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园_首页
AWS News Blog
AWS News Blog
阮一峰的网络日志
阮一峰的网络日志
Vercel News
Vercel News
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
Tailwind CSS Blog
PCI Perspectives
PCI Perspectives
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - 叶小钗
IT之家
IT之家
V2EX - 技术
V2EX - 技术
Cloudbric
Cloudbric
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
宝玉的分享
宝玉的分享
Know Your Adversary
Know Your Adversary
爱范儿
爱范儿
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Schneier on Security
博客园 - 【当耐特】
G
Google Developers Blog
S
Security @ Cisco Blogs
N
Netflix TechBlog - Medium
T
Tenable Blog
C
Check Point Blog
The Cloudflare Blog
J
Java Code Geeks
The Register - Security
The Register - Security
Google Online Security Blog
Google Online Security Blog
Security Latest
Security Latest
T
Tor Project blog
T
The Blog of Author Tim Ferriss
S
Security Affairs
S
Securelist
P
Privacy & Cybersecurity Law Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Privacy International News Feed
博客园 - 三生石上(FineUI控件)
D
DataBreaches.Net
N
News and Events Feed by Topic
Hacker News - Newest:
Hacker News - Newest: "LLM"
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
A
About on SuperTechFans
G
GRAHAM CLULEY
Jina AI
Jina AI
Spread Privacy
Spread Privacy

Recent Commits to webappsec-csp:main

[Editorial] Compare origins with 'same origin', not 'is'. · w3c/webappsec-csp@4e01ae7 Fixing 'policy' local link text. · w3c/webappsec-csp@0051d16 Fixing status. · w3c/webappsec-csp@b1de5f1 Export a dfn. · w3c/webappsec-csp@e156259 [Editorial] 'policy' is a local term, not global. (#812) · w3c/webappsec-csp@3e24aea Add "text" destination type, for JavaScript text imports · w3c/webappsec-csp@7845c09 Attach self-origin to CSP list (#805) · w3c/webappsec-csp@3a5e595 Fix algorithms called with missing parameters (#806) · w3c/webappsec-csp@a20d8fb [Editorial] Avoid nested parenthetical (#804) · w3c/webappsec-csp@8df1f5d Add 'unsafe-webtransport-hashes' keyword to connect-src (#791) · w3c/webappsec-csp@1b8a543 Add missing closing tag for section (#800) · w3c/webappsec-csp@5bc6639 [Editorial] Fix broken references to Trusted Types spec (#790) · w3c/webappsec-csp@a131bcb Apply `strict-dynamic` to inline scripts. (#787) · w3c/webappsec-csp@13c7d8e [Editorial] Reference the algorithm instead of the section for parse-… · w3c/webappsec-csp@9dd7cf1 [Editorial] Fix reference to parse-metadata in SRI (#777) · w3c/webappsec-csp@1137e96 Change CSPViolationReportBody to dictionary (#737) · w3c/webappsec-csp@a441899 Further clarify post-request check (#730) · w3c/webappsec-csp@7690298 Fix URL in report-uri request (#731) · w3c/webappsec-csp@5c12cbb [Editorial] Fix missing input param of match-response-source-list (#732) · w3c/webappsec-csp@7092cef
Fix path matching in match-url-to-source-expression (#773) · w3c/webappsec-csp@97e4a82
antosart · 2025-06-30 · via Recent Commits to webappsec-csp:main
Original file line numberDiff line numberDiff line change

@@ -4077,8 +4077,7 @@ Content-Type: application/reports+json

40774077

6. If |expression| contains a non-empty <a grammar>`path-part`</a>, and

40784078

|redirect count| is 0, then:

40794079
4080-

1. Let |path| be the resulting of joining |url|'s <a for="url">path</a>

4081-

on the U+002F SOLIDUS character (`/`).

4080+

1. Let |path| be the result of running the <a>URL path serializer</a> on |url|.

40824081
40834082

2. If |expression|'s <a grammar>`path-part`</a> does not <a>`path-part` match</a> |path|,

40844083

return "`Does Not Match`".