W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2014

[webappsec] Concluding the Last Call period for CSP Level 2

From: Brad Hill <hillbrad@gmail.com>
Date: Wed, 27 Aug 2014 12:34:54 -0700
Message-ID: <CAEeYn8iRUJHOWx4ZAPm-p9Uji7BEon2aEMMfAfTgeUSsQt9Smw@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
We revisited closing Last Call for CSP Level 2 today on the call, but
it was right at the end of the meeting, a number of participants had
to drop early, and the group had a bit of decision fatigue, so though
there were no objections, assent was also less than vigorous.

Therefore we resolved to close LC pending the following:

1) That the client hint (CH-CSP) and child-src features be marked as AT RISK.
2) Clarification that path components are ignored for frame-ancestors
enforcement
3) That there are no further objections on the list.

Regarding #3, if you are reading this object to closing the LC period
for Level 2, please reply before 23:59 PDT, 27-Aug-2014 (midnight
tonight, Pacific) stating your objection.

If no further objections are voiced, Last Call be considered closed at
that time.

thank you,

Brad Hill
Received on Wednesday, 27 August 2014 19:35:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:40 UTC