-
Hello.
I recently learned of the polyfill.io malware issue.
Currently, SRI is supported in all major browsers.
Therefore, if the integrity attribute is specified correctly, it is possible to prev…
-
has come up in context of COWL, elsewhere, e.g.:
https://lists.w3.org/Archives/Public/public-webappsec/2014Jul/0044.html
-
## Introduction
We (chromium) would like to propose an [`unload` permissions policy](https://github.com/fergald/docs/blob/master/explainers/permissions-policy-unload.md) to help sites migrate away …
-
See https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-delivery-referrer-attribute for details
Reference #10311 for servo referrer policy implementation thus far.
-
https://w3c.github.io/webappsec-csp/cookies/ probably fits here better than it will in Feature Policy. Look into that, me.
/cc @ptoomey3
-
See spec at https://w3c.github.io/webappsec-referrer-policy/. All servo referrer policy implementation thus far is just for documents. See #10311 for reference.
-
Check that the setting of cookies follow same origin policies correctly
following discussion on [WebAppSec mailing list](https://lists.w3.org/Archives/Public/public-webappsec/2015Sep/), and summarized…
-
There are a lot of [capability URLs](https://www.w3.org/TR/capability-urls/) out there, but both browsers and servers are oblivious to the fact that a certain URL is a capability one.
If browsers w…
-
Hi!
With the current [editor's draft](https://w3c.github.io/network-error-logging/) for NEL, the `NEL: ` header is defined but the "old" Reporting API `Report-To: ` header is referenced (in example…
-
https://fetch.spec.whatwg.org/#concept-request-destination shows the CSP directive for a specific destination. I think that list needs to be updated to Content Security Policy Level 3. For example the…