from August 2014 by subject

[CSP] Compatibility with 1.1 or 1.0

[CSP] Dynamic CSP

[CSP] feedback report-uri directive and report-only header

[CSP] feedback sandbox ABNF grammar conflict

[CSP] images loaded in object and embed

[CSP] kill or delay child-src?

[CSP] may we have script-ancestors to protect JSONP call

[CSP] prevent 401 attach

[CSP] Regarding style-src unsafe-eval and CSSOM

[CSP] Request to amend bookmarklet/extensions sentence in CSP1.1

[CSP] Section 5.1 Workers, is this missing a case?

[CSP] use csp-report-only to find out all content-type sniffing

[MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`?

[REFERRER] Naming none and null policies

[REFERRER] Where does "Determine request’s Referrer" get its URL from?

[webappsec] Concluding the Last Call period for CSP Level 2

AW: [CSP] feedback sandbox ABNF grammar conflict

Call for Exclusions: Referrer Policy

Comments on CSP Level 2

CSP for WebRTC

CSP Level 2 last call comment

CSP: 'no-external-navigation'?

Defining secure-enough origins.

Entry Point Regulation (EPR) for web apps

ISSUE-63: Disposition of ch-csp client hint

ISSUE-64: Csp3 how to deal with large policies needed by single-page webapps (

ISSUE-65: Does "no referrer" specify a state or is it a token? is a token with a space problematic?

ISSUE-66: No-external-navigation as potential csp3 feature


Last call CSP Level 2

OT: Technical Considerations for Vetting 3rd Party Mobile Applications

Paths and Redirects

Proposal: Prefer secure origins for powerful new web platform features

PSA: CSP2 last call ends Wednesday.

Referrer vs CSP

Referrer: change from <meta> with respect to origin

Referrer: typo

Regrets (Re: WebAppSec WG Teleconference 27-August-2014 08:00 PDT)

Secure Origins and Strong Authentication

Secure origins, high value code and data, and CAs providing reputational service

Sending a `context` HTTP request header.

WASWG Teleconference Agenda 2014-08-13 0800 PDT

WebAppSec WG Teleconference 27-August-2014 08:00 PDT

Last message date: Sunday, 31 August 2014 17:02:36 UTC