"Mixed Content" draft up for review - HSTS interworking
"Mixed Content" draft up for review - HSTS primary purpose
"Mixed Content" draft up for review.
- Brian Smith (Tuesday, 3 June)
- Brian Smith (Tuesday, 3 June)
- Anne van Kesteren (Tuesday, 3 June)
- Tanvi Vyas (Monday, 2 June)
- Yan Zhu (Monday, 2 June)
- Tanvi Vyas (Monday, 2 June)
- Devdatta Akhawe (Monday, 2 June)
- Daniel Veditz (Monday, 2 June)
- Ryan Sleevi (Monday, 2 June)
- Devdatta Akhawe (Monday, 2 June)
- Ryan Sleevi (Monday, 2 June)
- Mike West (Monday, 2 June)
- Anne van Kesteren (Monday, 2 June)
- Ryan Sleevi (Monday, 2 June)
- Devdatta Akhawe (Monday, 2 June)
- Mike West (Monday, 2 June)
- Mike West (Monday, 2 June)
- Ryan Sleevi (Monday, 2 June)
- Anne van Kesteren (Monday, 2 June)
- Mike West (Monday, 2 June)
- Anne van Kesteren (Monday, 2 June)
[blink-dev] Proposal: Prefer secure origins for powerful new web platform features
[blink-dev] Re: Proposal: Prefer secure origins for powerful new web platform features
[Bug 26061] New: Improve consistency with CSP 1.1 w.r.t. add-on/extension semantics.
[CSP] Additional report field: report-only: "true|false"
[CSP] enforcement on non text-html resources
[integrity] The noncanonical-src attribute
[MIX] blob URLs
[MIX] Checking parent/top (Re: "Mixed Content" draft up for review.)
[MIX] Comments on draft Mixed Content spec
[MIX] localhost should not be trusted
[MIX]: "Assumed"/"Proven" Terminology.
[MIX]: "Assumed"/"Proven" Terminology. (Re: [MIX]: Expand scope beyond TLS/non-TLS)
[MIX]: 'allow-from' header? (Re: "Mixed Content" draft up for review.)
[MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`?
[MIX]: Expand scope beyond TLS/non-TLS (Re: "Mixed Content" draft up for review.)
- Jesper Kristensen (Sunday, 15 June)
- Chris Palmer (Wednesday, 11 June)
- Chris Palmer (Wednesday, 11 June)
- Katharine Berry (Wednesday, 11 June)
- Mike West (Wednesday, 11 June)
- Zack Weinberg (Tuesday, 10 June)
- Katharine Berry (Tuesday, 10 June)
- Mike West (Tuesday, 10 June)
- Mike West (Tuesday, 10 June)
- Katharine Berry (Tuesday, 10 June)
- Zack Weinberg (Monday, 9 June)
- Katharine Berry (Friday, 6 June)
- Mike West (Friday, 6 June)
- Katharine Berry (Friday, 6 June)
- Mike West (Friday, 6 June)
- Katharine Berry (Friday, 6 June)
- Zack Weinberg (Friday, 6 June)
- Jeffrey Walton (Friday, 6 June)
- Zack Weinberg (Friday, 6 June)
- Mike West (Thursday, 5 June)
- Mike West (Wednesday, 4 June)
[MIX]: Move specifics to a non-normative section/document? (Re: "Mixed Content" draft up for review.)
[webappsec] Help build the CSP test suite at Test the Web Forward Portland, August 3
- Rebecca Hauck (Thursday, 5 June)
- James Graham (Wednesday, 4 June)
- Odin Hørthe Omdal (Wednesday, 4 June)
- Hill, Brad (Wednesday, 4 June)
- Odin Hørthe Omdal (Wednesday, 4 June)
- Hill, Brad (Wednesday, 4 June)
- Odin Hørthe Omdal (Wednesday, 4 June)
- Brad Hill (Wednesday, 4 June)
[webappsec] Teleconference Agenda: 04-Jun-2014
[webappsec] WebAppSec WG Teleconference Agenda 18-June-2014
Agenda, 5 June 2014 SVG WG / WebAppSec WG telcon
Call for Exclusions (Update): Subresource Integrity
CfC to publish a LCWD of CSP 1.1
- Hill, Brad (Tuesday, 24 June)
- Anne van Kesteren (Tuesday, 24 June)
- Mike West (Tuesday, 24 June)
- Mike West (Tuesday, 24 June)
- Daniel Veditz (Friday, 20 June)
- Brad Hill (Friday, 20 June)
- Mike West (Friday, 20 June)
- Brad Hill (Wednesday, 18 June)
- Glenn Adams (Wednesday, 11 June)
- Anne van Kesteren (Wednesday, 11 June)
- Mike West (Wednesday, 11 June)
- Mike West (Wednesday, 11 June)
- Sigbjørn Vik (Wednesday, 11 June)
- Mike West (Wednesday, 11 June)
- Anne van Kesteren (Wednesday, 11 June)
- Sigbjørn Vik (Wednesday, 11 June)
- Mike West (Wednesday, 11 June)
CfC to publish FPWD of Mixed Content.
CORS and null
CSP sandboxing and workers
- Mike West (Friday, 6 June)
- Oda, Terri (Thursday, 5 June)
- Hill, Brad (Thursday, 5 June)
- Mike West (Thursday, 5 June)
- Brad Hill (Wednesday, 4 June)
- Brad Hill (Wednesday, 4 June)
- Mike West (Tuesday, 3 June)
- Oda, Terri (Tuesday, 3 June)
- Brad Hill (Monday, 2 June)
- Anne van Kesteren (Monday, 2 June)
- Brad Hill (Monday, 2 June)
- Mike West (Sunday, 1 June)
- Anne van Kesteren (Sunday, 1 June)
CSP wildcard host matching
CSP, Fetch, and frame-ancestors
- Mike West (Wednesday, 4 June)
- Anne van Kesteren (Wednesday, 4 June)
- Mike West (Wednesday, 4 June)
- Anne van Kesteren (Wednesday, 4 June)
- Mike West (Wednesday, 4 June)
- Anne van Kesteren (Wednesday, 4 June)
- Mike West (Wednesday, 4 June)
- Anne van Kesteren (Wednesday, 4 June)
- Mike West (Wednesday, 4 June)
- Brad Hill (Wednesday, 4 June)
CSP: 'no-external-navigation'?
CSP: Block redirects by default?
CSP: Problems with referrer and reflected-xss
- Daniel Veditz (Wednesday, 18 June)
- Mike West (Tuesday, 17 June)
- Chris Palmer (Monday, 16 June)
- Brian Smith (Monday, 16 June)
- Brian Smith (Monday, 16 June)
- Mike West (Monday, 16 June)
- Brad Hill (Friday, 13 June)
- Brad Hill (Friday, 13 June)
- Glenn Adams (Friday, 13 June)
- Brian Smith (Friday, 13 June)
Discuss SVG and CSP for the June 5 SVG teleconference
Header Policy Vs. Meta tag policy
- Daniel Veditz (Thursday, 12 June)
- Mike West (Thursday, 12 June)
- Devdatta Akhawe (Wednesday, 11 June)
- Mike West (Wednesday, 11 June)
- Devdatta Akhawe (Wednesday, 11 June)
- Daniel Veditz (Wednesday, 11 June)
- Mike West (Wednesday, 11 June)
- Daniel Veditz (Wednesday, 11 June)
- Mike West (Wednesday, 11 June)
- Giorgio Maone (Tuesday, 10 June)
- Oda, Terri (Tuesday, 10 June)
- Tanvi Vyas (Tuesday, 10 June)
- Mike West (Tuesday, 10 June)
- Kevin Hill (Monday, 9 June)
- Kevin Hill (Friday, 6 June)
Isolated Web Components for a more secure web
ISSUE-61: Should we mark referrer and reflected-xss as at risk in csp 1.1 lcwd?
Naming things: CSP 1.1 -> CSP level 2?
PFWG comments on User Interface Security Directives for Content Security Policy
Proposal: Prefer secure origins for powerful new web platform features
Reducing reporting noise
- Glenn Adams (Wednesday, 25 June)
- Mike West (Wednesday, 25 June)
- Glenn Adams (Tuesday, 24 June)
- Daniel Veditz (Friday, 20 June)
- Chris Palmer (Friday, 20 June)
- Joel Weinberger (Friday, 20 June)
- Hill, Brad (Friday, 20 June)
- Devdatta Akhawe (Friday, 20 June)
- Daniel Veditz (Friday, 20 June)
- Glenn Adams (Friday, 20 June)
- Mike West (Friday, 20 June)
- Mike West (Friday, 20 June)
- Neil Matatall (Friday, 20 June)
- Glenn Adams (Thursday, 19 June)
- Daniel Veditz (Thursday, 19 June)
Regrets ( [webappsec] WebAppSec WG Teleconference Agenda 18-June-2014 )
Remove paths from CSP?
- Sigbjørn Vik (Thursday, 5 June)
- Mike West (Thursday, 5 June)
- Sigbjørn Vik (Thursday, 5 June)
- Mike West (Thursday, 5 June)
- Brad Hill (Wednesday, 4 June)
- Sigbjørn Vik (Tuesday, 3 June)
- Mike West (Tuesday, 3 June)
- Sigbjørn Vik (Monday, 2 June)
- Mike West (Monday, 2 June)
- Sigbjørn Vik (Monday, 2 June)
Standardize referrer policy
- Sid Stamm (Thursday, 12 June)
- Mike West (Thursday, 12 June)
- Mike West (Thursday, 12 June)
- Anne van Kesteren (Thursday, 12 June)
- Mike West (Thursday, 12 June)
- Anne van Kesteren (Thursday, 12 June)
- Anne van Kesteren (Thursday, 12 June)
- Mike West (Thursday, 12 June)
- Sid Stamm (Wednesday, 11 June)
- Hill, Brad (Wednesday, 11 June)
- Sid Stamm (Wednesday, 11 June)
- Jochen Eisinger (Wednesday, 11 June)
- John Kemp (Wednesday, 11 June)
- Jochen Eisinger (Wednesday, 11 June)
- John Kemp (Wednesday, 11 June)
- Mike West (Wednesday, 11 June)
- Jochen Eisinger (Wednesday, 11 June)
webappsec-ISSUE-62: is reflected-xss at risk?
Last message date: Monday, 30 June 2014 23:11:37 UTC