-
I couldn't find out from the spec what the keyword 'self' should mean when the policy is served inside the meta tag of a local-scheme (data: or about: or blob:) document.
I believe it would make se…
-
Consider the following parameter to the `download_file` call:
```
ctx.actions.download_file(sha1 = "deadbeef")
```
The `sha1` attribute has been superseded by attributes like `sha256`, but rem…
-
When using the http header to harden a plain web page it would be useful to specify all (including future) features in a way that they default to „secure off“, is this planned?
Permissions-Poli…
-
Currently the JSON Schema specification allows to reference external files using a hyperlink. This is a very loose reference, specifically:
> When an implementation encounters the reference to "oth…
-
### Summary of the proposal:
Provide a dedicated API for an extension to read and write the Content Security Policy (CSP) of a page. It should work consistently regardless of how the CSP is configure…
-
@vrtmrz pleased to see some efforts on this.
I'm desperatly waiting for this to work.
I deinstalled 0.4 (was never working)
0.5.0 is setup but does absolutly nothing on click, just show "fetchin…
-
Following on a conversation in https://chromium-review.googlesource.com/c/chromium/src/+/2226248, I'd like to understand where y'all are coming down on the origins of subresources from unsigned bundl…
-
Availability (https://w3c.github.io/fingerprinting-guidance/#identifying-fingerprinting-surface-and-evaluating-severity) is a factor that might be worth considering in this section of the specificatio…
-
# Document title, URLs, estimated publication date
Mixed Content Level 1
https://www.w3.org/TR/mixed-content/
# Abstract
This specification describes how a user agent should handle fetching …
-
Moving discussion from https://github.com/WICG/digital-credentials/issues/140 to here....
As spec'ed, the current API allows calling the methods on `CredentialsContainer` with multiple request typ…