- From: Yan Zhu <notifications@github.com>
- Date: Fri, 24 Apr 2015 12:36:04 -0700
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
Received on Friday, 24 April 2015 19:36:30 UTC
> +### ISSUE: Inconsistent Wording in 4.1? > + > +Section 4.1: > +> We will not upgrade cross-origin navigational requests, with the exception of > +> form submissions > + > +I'm confused now because the document otherwise states that cross-origin > +navigational requests will be upgraded if they are in the "upgrade insecure > +navigations set" for a context. > + > +### CLARIFICATION: Violation Reports for Inherited Policy > + > +As mentioned in 6.2, there is a security issue if a document is able to get > +violation reports for cross-origin nested documents (iframes, etc.) which > +inherit upgrade policy. So if a nested document does not specify its reporting > +endpoint, do all reports from the nested document get blocked?

Makes sense

---
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/spec-reviews/pull/54/files#r29078827
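Review bot: The "CLARIFICATION: Violation Reports for Inherited Policy" section ends on an open question ("do all reports from the nested document get blocked?") without saying which outcome the review is asking the spec to adopt. The paragraph already names the risk, a document obtaining violation reports for cross-origin nested documents that inherit upgrade policy, so I would suggest turning the question into a request: ask the spec to state explicitly what happens to reports from a nested document that inherits policy and declares no reporting endpoint of its own. In the "ISSUE: Inconsistent Wording in 4.1?" section, "the document otherwise states" should name the section that conflicts with the quoted 4.1 text, the way the second item cites 6.2, so the editors can find both passages to reconcile.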