-
I've done some triage to figure out if there are additional items that warrant discussion. Building on #16 and what did not get addressed in yesterday's meeting, that gives:
4. Interaction of cross…
-
This is mentioned at several places, but AFAIK the only reference is on the IDL:
https://heycam.github.io/webidl/#SecureContext
which in turn links to
https://html.spec.whatwg.org/multipage/…
-
We need to extend the Fetch API to deal with receiving labeled objects, and also possibly sending. This would be similar to the XHR extension (http://w3c.github.io/webappsec-cowl/#extension-xhr).
-
![Capture](https://user-images.githubusercontent.com/36234981/75557651-b50a9d80-5a40-11ea-99ed-ceab6fd3a5d0.PNG)
https://w3c.github.io/webappsec-trusted-types/dist/spec/#require-trusted-types-for-csp…
-
https://lists.w3.org/Archives/Public/public-webappsec/2014Jul/0088.html
-
https://w3c.github.io/webappsec-csp/embedded/#element-attrdef-iframe-csp
might be already being considered under #2335
-
@dontcallmedom wonders if this document might better reach its audience if published on MDN. I'm very happy having it in WebAppSec, but I'm raising the issue to see what others think.
-
A fetch request (via sw) will reject mixed content where as the default browser behaviour will accept it*.
This is most obvious when trying to play a video on ft.com with `serviceWorker` on.
Sho…
tavvy updated
7 years ago
-
See https://w3c.github.io/webappsec-referrer-policy/
Necessary for https://github.com/servo/servo/issues/10309#issuecomment-203929226
-
I think https://github.com/WICG/nav-speculation/issues/43 was closed a bit too early.
See also https://github.com/w3c/webappsec-csp/issues/502.