-
TPAC is coming! We should create an agenda for the two sessions we have (on [23.09.2024](https://www.w3.org/events/meetings/dccfa810-ac8b-4894-9e94-a27eeaa5b84e/) and [26.09.2024](https://www.w3.org/e…
-
As came up in #71, "providers" might not be the most clear member name to use:
@timcappalli [proposed](https://github.com/WICG/digital-credentials/pull/71#issuecomment-2260675780):
```WebIDL
di…
-
Currently, local schemes (such as `about:srcdoc`) do not inherit the PP header of their parents. This poses an issue if we have an origin A with a PP header of `microphone=(self)` which includes a `ab…
-
See https://github.com/w3c/webappsec-permissions-policy
and especially https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md
including https://github.com/w3c/webappsec-permission…
-
We currently reject a second `get()` call but filing this issue to double check if this is specified properly even once we support iframe callers as well.
-
- https://w3c.github.io/webappsec-csp/#changes-from-level-2
I'm wondering if anyone could point me to the discussion on why returning `inline` instead of `unsafe-inline` was made.
It adds a laye…
-
### WebKittens
_No response_
### Title of the spec
Remove same-origin blanket enforcement in CSP Embedded Enforcement
### URL to the spec
https://github.com/w3c/webappsec-cspee/pull/28/files
###…
-
https://github.com/w3c/webappsec/pull/630
-
It seems to work with OIDC
https://w3c.github.io/webappsec-credential-management/#federated
> protocol, of type DOMString, readonly, nullable
The credential’s federated identity provider’s pr…
-
I expected this library to generate the hashes for the script-src and style-src directives, as well as the script-src and style-src directives themselves, but the style-src directive does not exist in…