[powerful-features] Framing

The ancestor chain features of the Secure Contexts spec seem like they
could cause some unexpected consequences for an HTTPS page, depending on
whether it's framed in HTTP or not.  Perhaps this spec should extend
X-Frame-Options or frame-ancestor to allow the page to specify that it
should only be framed by a secure context?

Received on Thursday, 15 October 2015 03:16:44 UTC