from March 2012 by thread

New clickjacking threats page Peleus Uhley (Friday, 30 March)

CSP HTTP header description Thomas Roessler (Tuesday, 27 March)

[webappsec] Call for tomorrow, 3/27, CANCELLED Hill, Brad (Tuesday, 27 March)

[webappsec] CSP META tag support - keep or remove? Hill, Brad (Monday, 26 March)

[webappsec] Refining CSP header definitions and advice to intermediaries Hill, Brad (Monday, 26 March)

CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe? sec_ext (Monday, 19 March)

[Bug 16436] New: Resource processing: shouldn't need to split Origin string on SPACE anymore (Monday, 19 March)

[Bug 16434] New: Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes) (Monday, 19 March)

[webappsec] TPAC 2012 - Lyon, France, Oct 29-Nov2 Hill, Brad (Thursday, 15 March)

[webappsec] Registration for F2F Hill, Brad (Wednesday, 14 March)

webappsec-ISSUE-14 (META tag for CSP): Investigate whether to keep the META tag for CSP Web Application Security Working Group Issue Tracker (Tuesday, 13 March)

FW: W3C WebAppSec WG Meeting Hill, Brad (Tuesday, 13 March)

[webappsec] Updated agenda for 3/13 call Hill, Brad (Tuesday, 13 March)

[webappsec] Agenda for WebAppSec call, today **21:00** UTC Hill, Brad (Tuesday, 13 March)

XSS through content-sniffing: good case for CSP sandbox directive Hill, Brad (Tuesday, 13 March)

[CORS] Review of CORS and WebAppSec prior to LCWD Arthur Barstow (Wednesday, 7 March)

Re: [webappsec] straw man anti-clickjacking proposal Giorgio Maone (Monday, 5 March)

[webappsec] Straw poll: policy-uri in CSP Hill, Brad (Monday, 5 March)

Transition Request: Cross-Origin Resource Sharing (CORS) to Last Call Hill, Brad (Monday, 5 March)

[webappsec] May 2-3 F2F call for objections Hill, Brad (Monday, 5 March)

RE: [webappsec] Bay Area F2F, May 2-3 [CORRECTED] Hill, Brad (Monday, 5 March)

[webappsec] Bay Area F2F, April 11-12 Hill, Brad (Monday, 5 March)

[Bug 16203] New: Nothing is said about what happens when default-src is omitted. (Friday, 2 March)

Re: CSP and cross-frame communication David Bruant (Thursday, 1 March)

Re: Removing the same(ish) origin restriction on report-uri sec_ext (Wednesday, 29 February)

Call for Exclusions (Update): Content Security Policy Ian Jacobs (Thursday, 1 March)

Last message date: Friday, 30 March 2012 22:54:04 UTC