W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2013

webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security]

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Tue, 05 Mar 2013 05:41:48 +0000
Message-Id: <E1UCkdI-0006uM-6i@tibor.w3.org>
To: public-webappsec@w3.org
webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security]


Raised by: Brad Hill
On product: UI Security

The current UI Security draft specifies a 'top-only' keyword source for the frame-options directive to preserve exact compatibility with X-Frame-Options.

This is actually a dangerous and mis-understood behavior:


Is there a good reason to keep the 'top-only' behavior?
Received on Tuesday, 5 March 2013 05:41:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:31 UTC