-
Support for the frame-ancestors directive
- https://w3c.github.io/webappsec-csp/document/#directive-frame-ancestors
- [OWASP browser list](https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sh…
-
I opened this issue here to discuss different aspects of the feature proposed in w3c/webappsec-permissions-policy#269 including the usefulness of it. I am currently working to see if I can get statist…
-
_From @mikewest on May 20, 2015 18:54_
Step 3.2 of https://w3c.github.io/webappsec/specs/credentialmanagement/#request-credential rejects the Promise returned by `get()` if it's called from a nested …
-
It doesn't seem like a good idea to overload suborigins with this (see https://github.com/w3c/webappsec-suborigins/issues/75).
-
Hi!
With the current [editor's draft](https://w3c.github.io/network-error-logging/) for NEL, the `NEL: ` header is defined but the "old" Reporting API `Report-To: ` header is referenced (in example…
-
@yoavweiss said:
> Can we add https://w3c.github.io/webappsec/specs/upgrade/ to make sure this doesn't happen again with some other resources? (in supporting browsers)
And I believe we can :)
-
https://w3c.github.io/webappsec-csp/#html-integration lists a number of patches that need to be made to HTML in order to support CSP. I'll wrap those up here.
-
Hello developers of Joomla-Base!
I want to inform you about multiple vulnerabilities in your software. These are Denial of Service, XML Injection, Cross-Site Scripting, Full path disclosure and Insuf…
-
### Describe the bug?
Hi there, I have to integrate Okta for Single Sign On with a client-side library (Angular 7).
I followed all the steps from this [post](https://developer.okta.com/code/angular/…
-
I should not be able to see verbose error messages.
See http://projects.webappsec.org/w/page/13246936/Information%20Leakage
To view reports of errors on your end, consider using Raygun or Elmah.