- From: Mark Foltz via GitHub <sysbot+gh@w3.org>
- Date: Thu, 23 Mar 2017 06:14:50 +0000
- To: public-secondscreen@w3.org
Following up on a couple of items to close out loose threads: - Checking our implementation briefly, I believe that we can apply the _sandboxed top-level navigation browsing context flag_ on a top-level receiving browsing context. This is in part because CSP Level 3 allows resources fetched with CSP to be sandboxed as well, including top-level resources [1]. We'll know for sure when we actually implement this [2]. - I will send a PR to add the non-normative text suggested by @tidoust in https://github.com/w3c/presentation-api/issues/414#issuecomment-283591125. - I will see if there are any reported incompatibilities with using the History API in a sandboxed `<iframe>`, or, failing that, can whip up a demo. - Regarding HTTP Auth, I believe Chrome will block that as part of other modal dialogs (and presumably fail the authentication request). Will check as part of fixing the implementation here. [1] https://www.w3.org/TR/CSP/#directive-sandbox [2] https://bugs.chromium.org/p/chromium/issues/detail?id=697526 -- GitHub Notification of comment by mfoltzgoogle Please view or discuss this issue at https://github.com/w3c/presentation-api/issues/414#issuecomment-288627018 using your GitHub account
Received on Thursday, 23 March 2017 06:14:56 UTC