from October 2013 by thread

webappsec-ISSUE-55 (input-protection and seamless iframes): How to handle seamless flag for input-protection policies? [UI Security] Web Application Security Working Group Issue Tracker (Thursday, 31 October)

[webappsec] UISecurity input protection: same origin or same document? Brad Hill (Thursday, 31 October)

[webappsec] New SVG examples for UISecurity obstruction check Brad Hill (Wednesday, 30 October)

Are CSP directives case insensitive? John Wong (Monday, 28 October)

[Bug 23654] New: Point out that Access-Control-Allow-Origin:* is safe for servers not behind a firewall (Monday, 28 October)

[Bug 23653] New: Advice on CORS and caches (Monday, 28 October)

CSP and cookie header management Anne van Kesteren (Wednesday, 23 October)

Content-Security-Policy: referrer always Tom Sepez (Tuesday, 22 October)

Agenda for October 22, 2013 Teleconference Eric Rescorla (Tuesday, 22 October)

'referrer' directive strawman. Mike West (Monday, 21 October)

Re: Updated script hash proposal (non spec text) Devdatta Akhawe (Sunday, 20 October)

[webappsec] new editor's draft of UISecurity Brad Hill (Friday, 18 October)

CSP script hashes, inline and src'd Joel Weinberger (Friday, 18 October)

Reminder: Recharter out for review through Oct. 21 Wendy Seltzer (Tuesday, 15 October)

[webappsec] Handling unsafe UI events Brad Hill (Monday, 14 October)

FYI: RFC 7034 on HTTP Header Field X-Frame-Options Tobias Gondrom (Monday, 14 October)

Re: [CORS] Clarifying the term "user credentials" Austin William Wright (Friday, 11 October)

[webappsec] ISSUE-53: UISecurity input-protection heuristic for composited rendering Brad Hill (Thursday, 10 October)

Behavior when default-src is missing from a CSP Neil Matatall (Wednesday, 9 October)

proposal: move frame-options directive out of UI safety spec into CSP 1.1 Daniel Veditz (Tuesday, 8 October)

[webappsec] Agenda for 8-Oct-2013 Teleconference Brad Hill (Tuesday, 8 October)

ERRATA CORRIGE Actual vote and regrets (was Re: [webappsec] POLL: Getting CSP 1.1 to LCWD) Giorgio Maone (Saturday, 5 October)

Actual vote and regrets (was Re: [webappsec] POLL: Getting CSP 1.1 to LCWD) Giorgio Maone (Saturday, 5 October)

Scripts from Strings: Where is the line? Frederik Braun (Saturday, 5 October)

Actual Poll vote (was: Reminder: please send your preferences (was: POLL: Getting CSP 1.1 to LCWD)) =JeffH (Friday, 4 October)

[webappsec] Reminder: please send your preferences Brad Hill (Friday, 4 October)

Re: [Workers] CSP and SharedWorkers David Bruant (Tuesday, 1 October)

Re: [webappsec] POLL: Getting CSP 1.1 to LCWD Glenn Adams (Tuesday, 1 October)

Last message date: Thursday, 31 October 2013 18:19:42 UTC