W3C home > Mailing lists > Public > public-web-security@w3.org > February 2012

RE: Anti-clickjacking proposal

From: Hill, Brad <bhill@paypal-inc.com>
Date: Thu, 23 Feb 2012 16:48:04 +0000
To: Mike Nepomny <mike.nepomny@gmail.com>, "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E03620A@DEN-EXDDA-S11.corp.ebay.com>
Mike,

Frame ancestor permissions are being handled in the IETF WebSec WG as part of the Frame-Options header.

http://www.ietf.org/mail-archive/web/websec/current/msg01031.html

-Brad

From: Mike Nepomny [mailto:mike.nepomny@gmail.com]
Sent: Wednesday, February 22, 2012 2:28 PM
To: public-web-security@w3.org
Subject: Re: Anti-clickjacking proposal

Hi Peleus,
Looks like frame-ancestor directive was dropped from the latest CSP edition. Are there any replacement?

How to control what site can frame our application?

Thank you very much.

Mike Nepomny

Security Architect
Received on Thursday, 23 February 2012 16:48:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 23 February 2012 16:48:37 GMT