-
I'd like to move forward with an integrity proposal in SystemJS and ES Module Shims as an extension of this specification.
Would this repo be the right place to suggest that?
-
Talking with the AB yesterday, 2 requests came up:
1. use of a single repository for charters.
Once a charter gets into horizontal review, the draft of the charter must be moved/copied in a si…
-
### Steps to reproduce
1. Where are you starting? What can you see?
An error from a user appearedon the console while downloading a file
![image](https://github.com/element-hq/element-web/assets…
-
Hi Team,
Here is my csp policy
`{
"date": "08/Jul/2024:17:45:17 +0530",
"csp_report": {
"blocked-uri": "inline",
"column-number": 4519,
"disposition": "report",
"documen…
-
We are using a CSP-Report-Only header to watch ad network behavior on sites (not something that will ever move to a blocking header) and are really spamming our console with warnings.
Would be grea…
-
Permissions Policy currently has the JavaScript API that was specced when it was Feature Policy, but it turns out that the semantics are now a bit different, because of the way that the header is inte…
-
[Sandstorm.io](https://sandstorm.io) could benefit from being able to use `Content-Security-Policy` to restrict the set of origins for which cookies can be assigned via `document.cookie` (in our case,…
-
### Context
The users of Web Applications expect them to be a more secure and controlled environment than a regular website, which can do any kind of wacky network requests, push or force them to upl…
ghost updated
3 years ago
-
Branched from #227 -- `'src'` is a reference to the declared origin of the frame, but this is poorly (or not) defined for sandboxed frames.
What I would like to say for that case is that `'src'` in…
-
Should access to http://127.0.0.0/8 or ::1/128 be considered safe for mixed content policy? We have noticed that some browsers have allowed http://127.0.0.1, but still consider access to other addre…