- From: Hill, Brad <bhill@paypal.com>
- Date: Wed, 27 Aug 2014 15:53:31 +0000
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Wednesday, 27 August 2014 15:53:59 UTC
One final last call comment if it's not too late...

The directive-value ABNF for frame-ancestors is just listed as "source-list". The previous ABNF when it was in the UISecurity spec, and previous X-Frame-Options behavior, should only accept a list of host-sources, or should discard any extra path information and use only the Origin. This is not reflected in current spec text.

-Brad
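The reduction this comment asks for (host-sources only, with extra path information discarded), sketched as an added example that is not part of the original message or of any spec text. The function name, the pass-through of `'self'`, `'none'` and scheme-only sources, and the sample policy value are assumptions made for illustration.

```javascript
// Added illustration: names here are hypothetical, not taken from the CSP spec.
// Reduces each frame-ancestors source expression to scheme/host/port only
// and records every token that lost a path or was not a host-source.
function normalizeFrameAncestors(directiveValue) {
  const kept = [];
  const findings = [];
  // host-source shape: [scheme "://"] host [":" port] [path]
  const hostSource =
    /^((?:[a-z][a-z0-9+.-]*:\/\/)?)((?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*|\*)((?::(?:\d+|\*))?)(\/.*)?$/i;

  for (const token of directiveValue.trim().split(/\s+/).filter(Boolean)) {
    // Assumption: these two keywords pass through unchanged.
    if (/^'(self|none)'$/i.test(token)) { kept.push(token.toLowerCase()); continue; }
    // Assumption: a scheme-only source such as "https:" carries no path, keep it.
    if (/^[a-z][a-z0-9+.-]*:$/i.test(token)) { kept.push(token.toLowerCase()); continue; }

    const m = hostSource.exec(token);
    if (!m) {
      // Anything else (nonces, hashes, 'unsafe-inline', garbage) is rejected.
      findings.push({ token, reason: "not a host-source" });
      continue;
    }
    const [, scheme, host, port, path] = m;
    if (path) findings.push({ token, reason: "path discarded: " + path });
    kept.push(scheme.toLowerCase() + host.toLowerCase() + port);
  }
  return { value: kept.join(" "), findings };
}

// Constructed sample policy value, not from the original message.
const samplePolicy =
  "https://partner.example/embed/widget.html *.example.org:8443/app 'self'";
const sampleResult = normalizeFrameAncestors(samplePolicy);
console.log("frame-ancestors " + sampleResult.value);
for (const f of sampleResult.findings) console.log(f.token + " -> " + f.reason);
```

Run over a deployed policy, the `findings` list shows which entries an author wrote expecting path-level framing restrictions that an Origin-only comparison would not enforce.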