- From: Mike West <mkwst@google.com>
- Date: Mon, 21 Oct 2013 11:23:00 +0200
- To: Ian Melven <ian.melven@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAKXHy=fy5RnPqhQAkZf17OOue=KQhfeYhme7kTbZ025zwiD9_Q@mail.gmail.com>
I'd like to do this as well. It would be nice if 'frame-options' support rolled out along with CSP 1.1. Is anyone opposed to this suggestion? If not, I'll do some copy/pasting this week. -mike -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores On Wed, Oct 9, 2013 at 12:01 AM, Ian Melven <ian.melven@gmail.com> wrote: > > For what my personal opinion is worth, I am very strongly in favour of > this. Largely because, unlike XFO, > frame-options was always specified to check all ancestors IIRC - hence > there should be less confusion > around the implementation and usage. > > Thank you for suggesting it, Dan. > > ian > > > > On Tue, Oct 8, 2013 at 2:54 PM, Daniel Veditz <dveditz@mozilla.com> wrote: > >> I'd like to move the frame-options directive out of the UI safety >> speclet and into CSP proper. The X-Frame-Options header is growing in >> usage across the web and I'd like its replacement to be solidified into >> a spec that is actively being finished up rather than in the more >> nebulous UI Safety spec. >> >> -Dan Veditz >> >> >
Received on Monday, 21 October 2013 09:23:48 UTC