Thursday, 28 February 2013
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- Re: CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented
- Re: Restricting <base> URLS via CSP
- Re: Restricting <base> URLS via CSP
- Re: Restricting <base> URLS via CSP
Wednesday, 27 February 2013
- Re: Restricting <base> URLS via CSP
- Re: ISSUE-44: Same-origin policy identity query via script-hash. issue is you do a third party inline script with a known script-hash. if it succeeds, you know that the target was as expected, even though you can't read it
Tuesday, 26 February 2013
- Re: Action-92: Propose spec text to resolve ISSUE-32
- ISSUE-44: Same-origin policy identity query via script-hash. issue is you do a third party inline script with a known script-hash. if it succeeds, you know that the target was as expected, even though you can't read it
- Action-92: Propose spec text to resolve ISSUE-32
- [webappsec] March 12 teleconference CANCELLED due to conflict with IETF
- [webappsec] minutes available
- RE: Feedback on UI Safety draft
- RE: Agenda for Feb 26 Call
- Feedback on UI Safety draft
- Agenda for Feb 26 Call
Sunday, 24 February 2013
Friday, 22 February 2013
Tuesday, 19 February 2013
- Call for Exclusions (Update): User Interface Safety Directives for Content Security Policy
- [CORS] list max-age as algorithm parameter
Saturday, 16 February 2013
Friday, 15 February 2013
- RE: Why no fragment part in CSP-report document-uri?
- [Bug 21013] New: Credentials and HTTP authentication
- [Bug 21012] New: Add more text on Vary
Thursday, 14 February 2013
- [CORS] typos
- Re: Do we need Connectors between javascript and security software at personal device?
- Do we need Connectors between javascript and security software at personal device?
Wednesday, 13 February 2013
- Proposal for script-hash directive in CSP 1.1
- Re: Why no fragment part in CSP-report document-uri?
- Why no fragment part in CSP-report document-uri?
- RE: CSP script hashes
- W3C account
- Re: CSP script hashes
- [webappsec] WG satisfaction survey
Tuesday, 12 February 2013
- Re: No scheme in policy: Errors for either scheme
- Re: No scheme in policy: Errors for either scheme
- RE: CSP script hashes
- Re: No scheme in policy: Errors for either scheme
- Re: No scheme in policy: Errors for either scheme
- No scheme in policy: Errors for either scheme
- Re: ISSUE-32: Do we specify that path-specificity applies only to hierarchical URI schemes?
- Re: ISSUE-38: Discuss no-mixed-content directive
- [webappsec] UI Security, allow-from values
- Re: ISSUE-38: Discuss no-mixed-content directive
- Re: CSP script hashes
- RE: CSP script hashes
- Re: CSP script hashes
- [webappsec] Agenda for 12-Feb-2013 WebAppSec Teleconference
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- RE: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
Monday, 11 February 2013
Sunday, 10 February 2013
Friday, 8 February 2013
Tuesday, 5 February 2013
- Re: Blank blocked-uris
- RE: ISSUE-38: Discuss no-mixed-content directive
- Re: Blank blocked-uris
- Blank blocked-uris
Saturday, 2 February 2013
Friday, 1 February 2013
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- Re: CSP script hashes
- CSP script hashes
- webappsec-ISSUE-43 (Custom Elements in CSP 1.1): How are custom elements handled in CSP 1.1? [CSP 1.1]
- webappsec-ISSUE-42 (CSS Nonce): Script-nonce allows inline script, similar treatment for inline css?
- [webappsec] Handling custom elements in CSP