-
I'm wondering if we should also consider adding tools for the opposite side of mixed content, not allowing yourself to be embedded or framed by a non-secure site.
Something like `X-Frame-Options: s…
-
https://speced.github.io/bikeshed/#section-links says
> You can also use cross-spec section links, as long as the spec is either in Bikeshed’s linking database, or the biblio database.
But not a…
-
The fetch spec converts the websocket schemes into http schemes:
https://fetch.spec.whatwg.org/#concept-websocket-establish
Which means by the time CSP checks the request, the URL will be `http/…
-
In a worker you do not have access to a document which would make step 3 of `profile()` fail to compile or some such.
-
### Describe the problem
Hello, currently when using this library with a Content-Security-Policy policy, users are forced to use ```worker-src blob:``` which is inherently unsafe due to it being fu…
-
```
Hello, lovely PageSpeed folks.
We're in the process of pushing CSP 1.1[1] through to CR. I think it has a few
features which would be quite usefully injected via PageSpeed. For example,
hashes …
-
If the Blink implementation of Clear-Site-Data support is still the only implementation, and if we don’t have any new indications of interest from the Gecko or WebKit projects in implementing it, do w…
-
Could this be added
-
An iframe can cause its parent window to scroll to another position, for example using `document.body.scrollIntoView();`
There seems to be no way to override (prohibit) this behaviour under the pre…
ms609 updated
9 months ago
-
Hi folks - this is in reference to our [design principles issue](https://github.com/w3ctag/design-principles/issues/481) which is about harmonizing what we say in design principles with what you're sa…
torgo updated
4 months ago