webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security]

http://www.w3.org/2011/webappsec/track/issues/45

Raised by: Brad Hill
On product: UI Security

The current UI Security draft specifies a 'top-only' keyword source for the frame-options directive to preserve exact compatibility with X-Frame-Options.

This is actually a dangerous and misunderstood behavior:

https://bugzilla.mozilla.org/show_bug.cgi?id=725490

Is there a good reason to keep the 'top-only' behavior?

Received on Tuesday, 5 March 2013 05:41:49 UTC