Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1

From: Ian Melven <ian.melven@gmail.com>
Date: Tue, 8 Oct 2013 15:01:52 -0700
Message-ID: <CA+0m=FcQXajmdDNJ_qhX8Bj_Qsm5Jw0pKMMt-+rYHLNGN5F9Kg@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

For what my personal opinion is worth, I am very strongly in favour of
this. Largely because, unlike XFO, frame-options was always specified to
check all ancestors IIRC - hence there should be less confusion around
the implementation and usage.

Thank you for suggesting it, Dan.


On Tue, Oct 8, 2013 at 2:54 PM, Daniel Veditz <dveditz@mozilla.com> wrote:

> I'd like to move the frame-options directive out of the UI safety
> speclet and into CSP proper. The X-Frame-Options header is growing in
> usage across the web and I'd like its replacement to be solidified into
> a spec that is actively being finished up rather than in the more
> nebulous UI Safety spec.
> -Dan Veditz
Received on Tuesday, 8 October 2013 22:02:19 UTC