Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1 from Ian Melven on 2013-10-08 (public-webappsec@w3.org from October 2013)

From: Ian Melven <ian.melven@gmail.com>
Date: Tue, 8 Oct 2013 15:01:52 -0700
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CA+0m=FcQXajmdDNJ_qhX8Bj_Qsm5Jw0pKMMt-+rYHLNGN5F9Kg@mail.gmail.com>

For what my personal opinion is worth, I am very strongly in favour of
this. Largely because, unlike XFO,
frame-options was always specified to check all ancestors IIRC - hence
there should be less confusion
around the implementation and usage.

Thank you for suggesting it, Dan.

ian

On Tue, Oct 8, 2013 at 2:54 PM, Daniel Veditz <dveditz@mozilla.com> wrote:

> I'd like to move the frame-options directive out of the UI safety
> speclet and into CSP proper. The X-Frame-Options header is growing in
> usage across the web and I'd like its replacement to be solidified into
> a spec that is actively being finished up rather than in the more
> nebulous UI Safety spec.
>
> -Dan Veditz
>
>

Received on Tuesday, 8 October 2013 22:02:19 UTC