public-webappsec@w3.org from February 2013 by thread

CORS: Requirement for HTTP 200 response on preflight is not web-compatible and doesn't seem to be interoperably implemented Boris Zbarsky (Thursday, 28 February)

Re: Restricting <base> URLS via CSP Adam Barth (Wednesday, 27 February)

ISSUE-44: Same-origin policy identity query via script-hash. issue is you do a third party inline script with a known script-hash. if it succeeds, you know that the target was as expected, even though you can't read it Web Application Security Working Group Issue Tracker (Tuesday, 26 February)

Action-92: Propose spec text to resolve ISSUE-32 Daniel Veditz (Tuesday, 26 February)

[webappsec] March 12 teleconference CANCELLED due to conflict with IETF Hill, Brad (Tuesday, 26 February)

[webappsec] minutes available Hill, Brad (Tuesday, 26 February)

Feedback on UI Safety draft David Ross (Tuesday, 26 February)

Agenda for Feb 26 Call Eric Rescorla (Tuesday, 26 February)

FTC v HTC America Ben Wilson (Sunday, 24 February)

Call for Exclusions (Update): User Interface Safety Directives for Content Security Policy Ian Jacobs (Tuesday, 19 February)

[CORS] list max-age as algorithm parameter Pellerin, Clement (Tuesday, 19 February)

[Bug 21013] New: Credentials and HTTP authentication bugzilla@jessica.w3.org (Friday, 15 February)

[Bug 21012] New: Add more text on Vary bugzilla@jessica.w3.org (Friday, 15 February)

[CORS] typos Pellerin, Clement (Thursday, 14 February)

Do we need Connectors between javascript and security software at personal device? Mountie Lee (Thursday, 14 February)

Proposal for script-hash directive in CSP 1.1 Nicholas Green (Wednesday, 13 February)

Why no fragment part in CSP-report document-uri? John Wilander (Wednesday, 13 February)

W3C account Nicholas Green (Wednesday, 13 February)

[webappsec] WG satisfaction survey Hill, Brad (Wednesday, 13 February)

No scheme in policy: Errors for either scheme Neil Matatall (Tuesday, 12 February)

Re: ISSUE-32: Do we specify that path-specificity applies only to hierarchical URI schemes? Adam Barth (Tuesday, 12 February)

[webappsec] UI Security, allow-from values Hill, Brad (Tuesday, 12 February)

[webappsec] Agenda for 12-Feb-2013 WebAppSec Teleconference Hill, Brad (Tuesday, 12 February)

Help needed (or not?) (was ISSUE-27: Implementation concern on how to enforce display-time : should we provide more advice on how to do this efficiently?) Giorgio Maone (Sunday, 10 February)

CSP and inline styles Ian Melven (Friday, 8 February)

RE: ISSUE-38: Discuss no-mixed-content directive Neil Matatall (Tuesday, 5 February)

Blank blocked-uris Neil Matatall (Tuesday, 5 February)

CSP script hashes Nicholas Green (Friday, 1 February)

webappsec-ISSUE-43 (Custom Elements in CSP 1.1): How are custom elements handled in CSP 1.1? [CSP 1.1] Web Application Security Working Group Issue Tracker (Friday, 1 February)

webappsec-ISSUE-42 (CSS Nonce): Script-nonce allows inline script, similar treatment for inline css? Web Application Security Working Group Issue Tracker (Friday, 1 February)

[webappsec] Handling custom elements in CSP Hill, Brad (Friday, 1 February)

Last message date: Thursday, 28 February 2013 21:19:02 UTC