-
The initialization of the feature policy occurs after the navigation completes. But while the child is being navigated it is possible the browser context's policy could change and then inheritance cou…
-
The spec requires that
> User Agents MUST rotate per-origin device identifiers when other persistent storage are cleared
One of the mechanisms that exist to clear persistent storage is the [`Clear…
-
_From @mikewest on April 21, 2015 11:26_
It might be interesting to allow sites to hash a password before sending it over the wire for comparison. Maybe something like:
```
credential.send({
'url'…
```
-
For purposes of https://html.spec.whatwg.org/multipage/webappapis.html#concept-bc-script should scripting be considered enabled in a document which has "script-src 'none'" CSP delivered via HTTP heade…
-
* Specification
* https://wicg.github.io/change-password-url/
* and https://w3c.github.io/webappsec-change-password-url/response-code-reliability.html
* Support Status: https://github.com/WICG/…
-
## Introduction
Add a new [sandbox](https://html.spec.whatwg.org/multipage/browsers.html#sandboxing) keyword, `allow-unique-origin`, that causes the rendered content to execute in a unique non-`nul…
-
https://github.com/w3c/spec-prod is a new, specialized tool that easily automates all steps of building, validating, and publishing specs. To set it up, we just need to add one GitHub Actions file. Se…
-
"[6.7.2.2 Does resource hint request violate policy?](https://w3c.github.io/webappsec-csp/#does-resource-hint-violate-policy)" executes the [pre-request check](https://w3c.github.io/webappsec-csp/#dir…
-
_From @shekyan on October 2, 2015 23:31_
[Section 3.1](http://www.w3.org/TR/CSP2/#content-security-policy-header-field) should be explicit how user-agent should behave in the context of malformed `co…
-
https://github.com/w3c/webappsec-csp/issues/78 was resolved to allow hash-source to apply to external scripts (by verifying that the script tag has an `integrity` attribute which contains a hash which…