RE: Anti-clickjacking proposal from Hill, Brad on 2012-02-23 (public-web-security@w3.org from February 2012)

From: Hill, Brad <bhill@paypal-inc.com>
Date: Thu, 23 Feb 2012 16:48:04 +0000
To: Mike Nepomny <mike.nepomny@gmail.com>, "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E03620A@DEN-EXDDA-S11.corp.ebay.com>

Mike,

Frame ancestor permissions are being handled in the IETF WebSec WG as part of the Frame-Options header.

http://www.ietf.org/mail-archive/web/websec/current/msg01031.html

-Brad

From: Mike Nepomny [mailto:mike.nepomny@gmail.com]
Sent: Wednesday, February 22, 2012 2:28 PM
To: public-web-security@w3.org
Subject: Re: Anti-clickjacking proposal

Hi Peleus,
Looks like frame-ancestor directive was dropped from the latest CSP edition. Are there any replacement?

How to control what site can frame our application?

Thank you very much.

Mike Nepomny

Security Architect

Received on Thursday, 23 February 2012 16:48:37 UTC