-
See spec at https://w3c.github.io/webappsec-referrer-policy/. All Servo referrer policy implementation thus far is just for documents. See #10311 for reference.
-
## Introduction
We (chromium) would like to propose an [`unload` permissions policy](https://github.com/fergald/docs/blob/master/explainers/permissions-policy-unload.md) to help sites migrate away …
-
https://w3c.github.io/webappsec-csp/cookies/ probably fits here better than it will in Feature Policy. Look into that, me.
/cc @ptoomey3
-
Check that the setting of cookies follows same origin policies correctly
following discussion on [WebAppSec mailing list](https://lists.w3.org/Archives/Public/public-webappsec/2015Sep/), and summarized…
-
Support for the frame-ancestors directive
- https://w3c.github.io/webappsec-csp/document/#directive-frame-ancestors
- [OWASP browser list](https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sh…
-
https://fetch.spec.whatwg.org/#concept-request-destination shows the CSP directive for a specific destination. I think that list needs to be updated to Content Security Policy Level 3. For example the…
-
I opened this issue here to discuss different aspects of the feature proposed in w3c/webappsec-permissions-policy#269 including the usefulness of it. I am currently working to see if I can get statist…
-
In particular `[[FEATURE-POLICY#parse-policy-directive]]` generates a link to https://www.w3.org/TR/feature-policy-1/#parse-policy-directive instead of the correct https://w3c.github.io/webappsec-feat…
-
cc @mikewest
Step 3 of [1] refers to [2] which treats URL’s origin as opaque if the scheme is not one of "blob", "ftp", "http", "https", "ws", "wss", "file". This means that when [2] is called, it…
-
Hi!
With the current [editor's draft](https://w3c.github.io/network-error-logging/) for NEL, the `NEL: ` header is defined but the "old" Reporting API `Report-To: ` header is referenced (in example…