CfC to move CSP-3 to CR < 2025-07-16Β #682
Description
This is a Call for Consensus (CfC) to move Content Security Policy Level 3 CSP-3 as a Candidate Recommendation (CR).
This document defines a mechanism by which web developers can control the resources which a particular page can fetch or execute, as well as a number of security-relevant policy decisions.
We discussed this briefly in our most recent WG meeting, with no objections raised.
To ensure everyone has an opportunity to weigh in, this issue will serve as a record of the group's decision, one way or another.
I've pre-populated this issue with reactions to make it trivial to collect a signal from folks out there in the world:
- React withπ if you agree with the publication.
- React with π if you disagree, but it's fine if we decide to proceed.
- React with π if you strongly disagree with the publication.
If you register discontent with the publication, please add a comment as well so we know what we can address to remove the concern (and if you really disapprove, Formal Objections are accepted through the usual venues).
You can find the most recent editor's draft at https://www.w3.org/TR/CSP3/.
Thanks!
Please respond by 2025-07-16, at which point I'll close this CfC and open an issue to coordinate the preparation.