As per https://dvcs.w3.org/hg/content-security-policy/rev/c29f8817f682, and discussion at http://lists.w3.org/Archives/Public/public-webappsec/2012Sep/0099.html: * 'example.com/js' matches a file named 'js' * 'example.com/js/' matches all files under a directory named 'js' (note the trailing slash) * 'example.com/js/file.js' matches only a file named 'file.js' inside a directory named 'js'
Created attachment 168555 [details] Patch
This seems like a good resolution.
Comment on attachment 168555 [details] Patch Thanks, throwing this in the queue.
Comment on attachment 168555 [details] Patch Clearing flags on attachment: 168555 Committed r131317: <http://trac.webkit.org/changeset/131317>
All reviewed patches have been landed. Closing bug.