-
Given a CSP violation report triggered during the execution of a script, I was [maybe naively] assuming that it would *always* have one of the two following fields:
* `source-file`: if a source file …
-
### MDN URL
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
### What specific section or headline is this issue about?
``
### What informa…
-
Stealing shamelessly from AB Chair Wendy Reid's message to the Advisory Committee, here's what we could express an opinion on if we wish:
_Sustainable Web Interest Group Charter
Reply by: October 16…
-
This question may be in the wrong W3C repo; however, I will start here.
How would suborigins work with [referrer policy](https://www.w3.org/TR/referrer-policy/)? If I wanted a referrer header sent …
-
Let's say there's a worker created from a `data:` URL in a secure context. That worker creates a `blob:` URL and tries to create a nested worker out of that URL. Should that be blocked as mixed cont…
-
Keep an eye on: https://github.com/WICG/feature-policy/blob/master/reporting.md#can-i-just-trigger-reports-without-actually-enforcing-the-policy
All features will apparently allow 'report-only' in …
-
['sync-xhr'](https://xhr.spec.whatwg.org/#feature-policy-integration) is currently implemented as a [policy-controlled feature](https://w3c.github.io/webappsec-permissions-policy/#policy-controlled-fe…
-
As per https://github.com/w3c/webappsec-secure-contexts/issues/5#issuecomment-151737360 it seems that whenever we want to inherit one of origin, HTTPS state, CSP policy or document's URL, we want to i…
jwatt updated
8 years ago
-
This issue serves as a CFC letting the WebAppSec Working Group know about the intention to publish a [Permissions Registry](https://github.com/w3c/permissions-registry/) as a [Draft Registry](https://…
-
It can often make sense to implement a report endpoint into the same .NET project that uses this library for setting the CSP-header. A CSP-report is a JSON-structure. It would be nice to have a pre-ma…