Re: proposal: move frame-options directive out of UI safety spec into CSP 1.1

I'd like to do this as well. It would be nice if 'frame-options' support
rolled out along with CSP 1.1.

Is anyone opposed to this suggestion? If not, I'll do some copy/pasting
this week.

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores


On Wed, Oct 9, 2013 at 12:01 AM, Ian Melven <ian.melven@gmail.com> wrote:

>
> For what my personal opinion is worth, I am very strongly in favour of
> this. Largely because, unlike XFO,
> frame-options was always specified to check all ancestors IIRC - hence
> there should be less confusion
> around the implementation and usage.
>
> Thank you for suggesting it, Dan.
>
> ian
>
>
>
> On Tue, Oct 8, 2013 at 2:54 PM, Daniel Veditz <dveditz@mozilla.com> wrote:
>
>> I'd like to move the frame-options directive out of the UI safety
>> speclet and into CSP proper. The X-Frame-Options header is growing in
>> usage across the web and I'd like its replacement to be solidified into
>> a spec that is actively being finished up rather than in the more
>> nebulous UI Safety spec.
>>
>> -Dan Veditz
>>
>>
>

Received on Monday, 21 October 2013 09:23:48 UTC