-
From [AC Review](https://lists.w3.org/Archives/Public/public-review-comments/2024Mar/0000.html):
[[
We are concerned about the new "End-to-End Encryption email" proposed optional deliverable because…
-
I've recently been looking at the Permissions API in the context of extensions being able to extend them. One use case that's come up recently is that cryptocurrency wallets have an interest in being …
-
_From @mastahyeti on August 6, 2015 5:19_
The `form-action` directive is useful for limiting the domains to which forms can submit and could be used to limit the submission endpoints as well, though …
-
The definition of [`getHighEntropyValues`](https://wicg.github.io/ua-client-hints/#getHighEntropyValues) sounds like it might return all the high entropy values, not just ones that have been opted in.…
-
Currently the [navigate](https://html.spec.whatwg.org/#navigate) algorithm assumes it is always passed a _sourceDocument_. This is used for:
- Checking if the source is allowed to navigate the targ…
-
For some reason Chrome and Safari trim nonce strings and as far as I can tell this is not specified anywhere. Firefox doesn't and thus fails [this WPT](https://wpt.fyi/results/content-security-policy/…
-
Secure flag for Cookie marks when a Cookie can only be sent over HTTPS connection.
Related to #1415,
-
こんにちは TAG-さん!
I'm requesting a TAG review of [Realms Initialization Control](https://github.com/WICG/Realms-Initialization-Control).
Initialization of same origin realms in an application should…
-
The intro says:
> Initiatives such as Firefox OS and Chrome OS demonstrate the potential of trusted, installable applications built with web technologies. To be used in this way, applications must b…
-
The fetch spec says a request with mode: 'no-cors' must have 'follow' redirect mode. [CSP violation report](https://www.w3.org/TR/CSP3/#report-violation) violates the rule.
@mikewest @annevk