惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Full Disclosure
Stack Overflow Blog
Stack Overflow Blog
H
Help Net Security
Microsoft Azure Blog
Microsoft Azure Blog
The GitHub Blog
The GitHub Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Recorded Future
Recorded Future
Y
Y Combinator Blog
Cloudbric
Cloudbric
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Schneier on Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
Cybersecurity and Infrastructure Security Agency CISA
TaoSecurity Blog
TaoSecurity Blog
Security Latest
Security Latest
N
News and Events Feed by Topic
Hacker News - Newest:
Hacker News - Newest: "LLM"
D
DataBreaches.Net
Security Archives - TechRepublic
Security Archives - TechRepublic
H
Hacker News: Front Page
C
Cisco Blogs
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
Recent Commits to openclaw:main
Recent Commits to openclaw:main
V
Vulnerabilities – Threatpost
L
LINUX DO - 最新话题
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Google Online Security Blog
Google Online Security Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
A
About on SuperTechFans
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Jina AI
Jina AI
C
CXSECURITY Database RSS Feed - CXSecurity.com
Schneier on Security
Schneier on Security
T
Tenable Blog
N
News and Events Feed by Topic
W
WeLiveSecurity
有赞技术团队
有赞技术团队
AI
AI
爱范儿
爱范儿
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
T
The Blog of Author Tim Ferriss
S
Security Affairs
Know Your Adversary
Know Your Adversary
Simon Willison's Weblog
Simon Willison's Weblog
G
GRAHAM CLULEY
Google DeepMind News
Google DeepMind News
The Cloudflare Blog

Recent Commits to webappsec-csp:main

Fixing 'policy' local link text. · w3c/webappsec-csp@0051d16 Fixing status. · w3c/webappsec-csp@b1de5f1 Export a dfn. · w3c/webappsec-csp@e156259 [Editorial] 'policy' is a local term, not global. (#812) · w3c/webappsec-csp@3e24aea Add "text" destination type, for JavaScript text imports · w3c/webappsec-csp@7845c09 Attach self-origin to CSP list (#805) · w3c/webappsec-csp@3a5e595 Fix algorithms called with missing parameters (#806) · w3c/webappsec-csp@a20d8fb [Editorial] Avoid nested parenthetical (#804) · w3c/webappsec-csp@8df1f5d Add 'unsafe-webtransport-hashes' keyword to connect-src (#791) · w3c/webappsec-csp@1b8a543 Add missing closing tag for section (#800) · w3c/webappsec-csp@5bc6639 [Editorial] Fix broken references to Trusted Types spec (#790) · w3c/webappsec-csp@a131bcb Apply `strict-dynamic` to inline scripts. (#787) · w3c/webappsec-csp@13c7d8e [Editorial] Reference the algorithm instead of the section for parse-… · w3c/webappsec-csp@9dd7cf1 [Editorial] Fix reference to parse-metadata in SRI (#777) · w3c/webappsec-csp@1137e96 Fix path matching in match-url-to-source-expression (#773) · w3c/webappsec-csp@97e4a82 Change CSPViolationReportBody to dictionary (#737) · w3c/webappsec-csp@a441899 Further clarify post-request check (#730) · w3c/webappsec-csp@7690298 Fix URL in report-uri request (#731) · w3c/webappsec-csp@5c12cbb [Editorial] Fix missing input param of match-response-source-list (#732) · w3c/webappsec-csp@7092cef
[Editorial] Compare origins with 'same origin', not 'is'. · w3c/webappsec-csp@4e01ae7
mikewest · 2026-05-05 · via Recent Commits to webappsec-csp:main
Original file line numberDiff line numberDiff line change

@@ -4150,7 +4150,7 @@ Content-Type: application/reports+json

41504150

4. If |expression| is an <a>ASCII case-insensitive</a> match for "`'self'`",

41514151

return "`Matches`" if one or more of the following conditions is met:

41524152
4153-

1. |origin| is the same as |url|'s <a for="url">origin</a>

4153+

1. |origin| and |url|'s [=url/origin=] are [=same origin=]

41544154
41554155

2. |origin|'s {{URL/host}} is the same as |url|'s {{URL/host}},

41564156

|origin|'s {{URL/port}} and |url|'s {{URL/port}} are either the same