rfmoz | 2 months ago

The reference of robots.txt offers a good way to define specific behavior for the whole domain, as an example. Something like that for security could be enough for a large amount of websites.

Also, a new header like “sec-policy: foo-url” may be a clean way to move those definitions away from the app+web+proxy+cdn mesh to a fixed, clear point.

rfmoz|2 months ago

I reply to myself because I've found that idea already proposed:

"Origin policy was a proposal for a web platform mechanism that allows origins to set their origin-wide configuration in a central location, instead of using per-response HTTP headers." - https://github.com/WICG/origin-policy

But its status has been "[On hold for now]" since at least three years ago.

zwnow|2 months ago

These files are just ignored by everything. We don't need .txt files, we need good defaults.