-
The notion of providing "options" when passing in a URL is confusing. Unlike rules, URLs don't have a notion of options, but rather context around the request that would normally be matched against th…
-
Hey WebAppSec folks,
As you may already be aware, Chrome is shipping [third-party cookie blocking by default in 2025](https://developers.google.com/privacy-sandbox/3pcd).
One second order effect…
-
# User story
As an end user, I want to sign into my collaboration tool and seamlessly interact with various meeting tools, chatbots, and other integrations. I do not expect to be prompted to log in …
-
Currently, to configure an alternate host for the WPT server, you specify the `alternate_host` property with an object value which contains an `alt` property whose value is the desired host. For insta…
-
The discussion from https://github.com/WICG/unload-beacon/issues/28#issuecomment-1237609079 suggests that one of the privacy requirements around network change, as stated below, is too ambiguous:
>…
-
The wildcard is a little weird for an origin, and it's not a parseable URL. We would have to specialize the parser for it.
```json
{
"id": "/",
"name": "Example",
"display": …
-
-
Referrers [leak information](https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/) about a user's browsing activity cross-site. Browser v…
-
Currently frames can either have storage blocked or allowed, w/o an in between. This is unideal for several reasons. Some examples include
1. There are cases where two eTLD+1 equiv frames on the …
-
that date as patch version is strange / uncommon ... would be nicer/cleaner to have a normal `1.2.3` release ... I can open a PR if you'd accept that change ...
@knu