public-webappsec@w3.org from August 2014 by thread

CSP for WebRTC Martin Thomson (Thursday, 28 August)

[CSP] Regarding style-src unsafe-eval and CSSOM Frederik Braun (Thursday, 28 August)

• Re: [CSP] Regarding style-src unsafe-eval and CSSOM Jonas Sicking (Thursday, 28 August)

[CSP] Compatibility with 1.1 or 1.0 Jim Manico (Thursday, 28 August)

• Re: [CSP] Compatibility with 1.1 or 1.0 Frederik Braun (Thursday, 28 August)

[webappsec] Concluding the Last Call period for CSP Level 2 Brad Hill (Wednesday, 27 August)

LAST CALL Kevin Hill (Wednesday, 27 August)

CSP Level 2 last call comment Hill, Brad (Wednesday, 27 August)

• Re: CSP Level 2 last call comment Devdatta Akhawe (Thursday, 28 August)

ISSUE-66: No-external-navigation as potential csp3 feature http://lists.w3.org/archives/public/public-webappsec/2014aug/0053.html Web Application Security Working Group Issue Tracker (Wednesday, 27 August)

ISSUE-65: Does "no referrer" specify a state or is it a token? is a token with a space problematic? Web Application Security Working Group Issue Tracker (Wednesday, 27 August)

ISSUE-64: Csp3 how to deal with large policies needed by single-page webapps (http://lists.w3.org/archives/public/public-webappsec/2014aug/0021.html) Web Application Security Working Group Issue Tracker (Wednesday, 27 August)

ISSUE-63: Disposition of ch-csp client hint Web Application Security Working Group Issue Tracker (Wednesday, 27 August)

[CSP] may we have script-ancestors to protect JSONP call Hatter Jiang OWS (Wednesday, 27 August)

• Re: [CSP] may we have script-ancestors to protect JSONP call Devdatta Akhawe (Thursday, 28 August)
  • Re: [CSP] may we have script-ancestors to protect JSONP call Hatter Jiang OWS (Thursday, 28 August)

[CSP] kill or delay child-src? Daniel Veditz (Wednesday, 27 August)

WebAppSec WG Teleconference 27-August-2014 08:00 PDT Brad Hill (Tuesday, 26 August)

• Re: WebAppSec WG Teleconference 27-August-2014 08:00 PDT Wendy Seltzer (Wednesday, 27 August)
• Regrets (Re: WebAppSec WG Teleconference 27-August-2014 08:00 PDT) Giorgio Maone (Wednesday, 27 August)

OT: Technical Considerations for Vetting 3rd Party Mobile Applications Jeffrey Walton (Saturday, 23 August)

Secure origins, high value code and data, and CAs providing reputational service Jeffrey Walton (Friday, 22 August)

• Re: Secure origins, high value code and data, and CAs providing reputational service Michal Zalewski (Saturday, 23 August)

Defining secure-enough origins. Mike West (Friday, 22 August)

• Re: Defining secure-enough origins. Boris Zbarsky (Friday, 22 August)
  • Re: Defining secure-enough origins. Mike West (Friday, 22 August)
    • Re: Defining secure-enough origins. Boris Zbarsky (Friday, 22 August)
      • Re: Defining secure-enough origins. Mike West (Friday, 22 August)
        • Re: Defining secure-enough origins. Boris Zbarsky (Friday, 22 August)
          • Re: Defining secure-enough origins. Mike West (Friday, 22 August)
            • Re: Defining secure-enough origins. Boris Zbarsky (Friday, 22 August)
            • Re: Defining secure-enough origins. Mike West (Friday, 22 August)
            • Re: Defining secure-enough origins. Boris Zbarsky (Friday, 22 August)
            • Re: Defining secure-enough origins. Mike West (Friday, 22 August)
            • Re: Defining secure-enough origins. Chris Palmer (Monday, 25 August)
• Re: Defining secure-enough origins. Jeffrey Yasskin (Thursday, 28 August)
  • Re: Defining secure-enough origins. Anne van Kesteren (Sunday, 31 August)

[CSP] feedback report-uri directive and report-only header Stefan Ossendorf (Thursday, 21 August)

• RE: [CSP] feedback report-uri directive and report-only header Hill, Brad (Thursday, 21 August)
  • Re: [CSP] feedback report-uri directive and report-only header Caleb Queern (Thursday, 21 August)

Secure Origins and Strong Authentication Jeffrey Walton (Wednesday, 20 August)

• Re: Secure Origins and Strong Authentication Chris Palmer (Thursday, 21 August)

re: Proposal: Prefer secure origins for powerful new web platform features Mark Watson (Wednesday, 20 August)

• Re: Proposal: Prefer secure origins for powerful new web platform features Jim Manico (Wednesday, 20 August)
  • Re: Proposal: Prefer secure origins for powerful new web platform features Mark Watson (Wednesday, 20 August)
    • Re: Proposal: Prefer secure origins for powerful new web platform features Jim Manico (Wednesday, 20 August)
      • Re: Proposal: Prefer secure origins for powerful new web platform features Mark Watson (Wednesday, 20 August)
        • Re: Proposal: Prefer secure origins for powerful new web platform features Eduardo' Vela\ (Wednesday, 20 August)
          • Re: Proposal: Prefer secure origins for powerful new web platform features Anne van Kesteren (Wednesday, 20 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Mike West (Thursday, 21 August)
          • Re: Proposal: Prefer secure origins for powerful new web platform features Mike West (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Eduardo' Vela\ (Thursday, 21 August)
          • Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Eduardo' Vela\ (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Eduardo' Vela\ (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Jeffrey Yasskin (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Eduardo' Vela\ (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Adam Langley (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Mark Watson (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Adam Langley (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Mark Watson (Thursday, 21 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Mark Watson (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Adam Langley (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Jim Manico (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Ian Melven (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Anne van Kesteren (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Ian Melven (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Anne van Kesteren (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Glenn Adams (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Jeffrey Walton (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features John Kemp (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Austin William Wright (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Eduardo' Vela\ (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features John Kemp (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Jim Manico (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features John Kemp (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Jeffrey Yasskin (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features John Kemp (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Jeffrey Yasskin (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features John Kemp (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features John Kemp (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Anne van Kesteren (Saturday, 23 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Jim Manico (Friday, 22 August)
        • Re: Proposal: Prefer secure origins for powerful new web platform features Jeffrey Yasskin (Friday, 22 August)
          • Re: Proposal: Prefer secure origins for powerful new web platform features Mark Watson (Friday, 22 August)
            • Re: Proposal: Prefer secure origins for powerful new web platform features Jeffrey Yasskin (Friday, 22 August)
  • Re: Proposal: Prefer secure origins for powerful new web platform features Jeffrey Yasskin (Friday, 22 August)
    • Re: Proposal: Prefer secure origins for powerful new web platform features Mark Watson (Friday, 22 August)
• Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Thursday, 21 August)
  • Re: Proposal: Prefer secure origins for powerful new web platform features Mark Watson (Thursday, 21 August)
    • Re: Proposal: Prefer secure origins for powerful new web platform features Chris Palmer (Thursday, 21 August)
      • Re: Proposal: Prefer secure origins for powerful new web platform features Mark Watson (Thursday, 21 August)

[REFERRER] Naming none and null policies Ángel (Monday, 18 August)

• Re: [REFERRER] Naming none and null policies Anne van Kesteren (Tuesday, 19 August)
  • Re: [REFERRER] Naming none and null policies Mike West (Tuesday, 19 August)
    • Re: [REFERRER] Naming none and null policies Anne van Kesteren (Tuesday, 19 August)
      • Re: [REFERRER] Naming none and null policies Mike West (Tuesday, 19 August)
        • Re: [REFERRER] Naming none and null policies Anne van Kesteren (Thursday, 21 August)

Re: CSP: 'no-external-navigation'? Deian Stefan (Tuesday, 19 August)

[CSP] Section 5.1 Workers, is this missing a case? Kevin Hill (Monday, 18 August)

• Re: [CSP] Section 5.1 Workers, is this missing a case? Mike West (Tuesday, 19 August)
  • RE: [CSP] Section 5.1 Workers, is this missing a case? Kevin Hill (Thursday, 21 August)
    • Re: [CSP] Section 5.1 Workers, is this missing a case? Mike West (Friday, 22 August)

[CSP] images loaded in object and embed Kevin Hill (Monday, 18 August)

• Re: [CSP] images loaded in object and embed Mike West (Tuesday, 19 August)
• Re: [CSP] images loaded in object and embed Dirk Schulze (Tuesday, 19 August)
• Re: [CSP] images loaded in object and embed Anne van Kesteren (Tuesday, 19 August)

Referrer: change from <meta> with respect to origin Anne van Kesteren (Monday, 18 August)

• Re: Referrer: change from <meta> with respect to origin Mike West (Monday, 18 August)

Sending a `context` HTTP request header. Mike West (Monday, 18 August)

• Re: Sending a `context` HTTP request header. Anne van Kesteren (Monday, 18 August)

[CSP] use csp-report-only to find out all content-type sniffing Hatter Jiang OWS (Saturday, 16 August)

• Re: [CSP] use csp-report-only to find out all content-type sniffing Mike West (Monday, 18 August)
  • Re: [CSP] use csp-report-only to find out all content-type sniffing Anne van Kesteren (Monday, 18 August)

Paths and Redirects Antonio Sanso (Friday, 15 August)

• Re: Paths and Redirects Mike West (Monday, 18 August)
  • Re: Paths and Redirects Antonio Sanso (Monday, 18 August)
  • Re: Paths and Redirects Antonio Sanso (Monday, 18 August)

Referrer vs CSP Anne van Kesteren (Saturday, 16 August)

• Re: Referrer vs CSP Mike West (Monday, 18 August)

Referrer: typo Anne van Kesteren (Saturday, 16 August)

• Re: Referrer: typo Mike West (Monday, 18 August)

Comments on CSP Level 2 Nottingham, Mark (Thursday, 14 August)

• Re: Comments on CSP Level 2 Anne van Kesteren (Thursday, 14 August)
  • Re: Comments on CSP Level 2 Nottingham, Mark (Thursday, 14 August)
• Re: Comments on CSP Level 2 Mike West (Monday, 18 August)
  • Re: Comments on CSP Level 2 Nottingham, Mark (Tuesday, 19 August)

Last call CSP Level 2 Kevin Hill (Wednesday, 13 August)

• Re: Last call CSP Level 2 Mike West (Wednesday, 13 August)
  • RE: Last call CSP Level 2 Kevin Hill (Wednesday, 13 August)

WASWG Teleconference Agenda 2014-08-13 0800 PDT Daniel Veditz (Wednesday, 13 August)

• Re: WASWG Teleconference Agenda 2014-08-13 0800 PDT Wendy Seltzer (Wednesday, 13 August)

[CSP] Dynamic CSP Dmitry Polyakov (Monday, 11 August)

[CSP] feedback sandbox ABNF grammar conflict Stefan Ossendorf (Sunday, 10 August)

• Re: [CSP] feedback sandbox ABNF grammar conflict Devdatta Akhawe (Monday, 11 August)
  • Re: [CSP] feedback sandbox ABNF grammar conflict Mike West (Monday, 11 August)
    • AW: [CSP] feedback sandbox ABNF grammar conflict Stefan Ossendorf (Tuesday, 12 August)
      • Re: [CSP] feedback sandbox ABNF grammar conflict Mike West (Monday, 18 August)
        • RE: [CSP] feedback sandbox ABNF grammar conflict Stefan Ossendorf (Monday, 18 August)

PSA: CSP2 last call ends Wednesday. Mike West (Monday, 11 August)

[CSP] prevent 401 attach Hatter Jiang (Friday, 8 August)

• Re: [CSP] prevent 401 attach Anne van Kesteren (Saturday, 9 August)

Call for Exclusions: Referrer Policy Coralie Mercier (Thursday, 7 August)

Entry Point Regulation (EPR) for web apps David Ross (Tuesday, 5 August)

• Re: Entry Point Regulation (EPR) for web apps Anne van Kesteren (Wednesday, 6 August)
• Re: Entry Point Regulation (EPR) for web apps Frederik Braun (Wednesday, 6 August)
  • Re: Entry Point Regulation (EPR) for web apps David Ross (Wednesday, 6 August)
  • Re: Entry Point Regulation (EPR) for web apps Giorgio Maone (Thursday, 7 August)

Re: [MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`? Simon Pieters (Monday, 4 August)

Re: [REFERRER] Where does "Determine request’s Referrer" get its URL from? Anne van Kesteren (Friday, 1 August)

Re: [CSP] Request to amend bookmarklet/extensions sentence in CSP1.1 Daniel Veditz (Friday, 1 August)

• Re: [CSP] Request to amend bookmarklet/extensions sentence in CSP1.1 Giorgio Maone (Friday, 1 August)
• Re: [CSP] Request to amend bookmarklet/extensions sentence in CSP1.1 Philip Constantinou (Friday, 1 August)
  • Re: [CSP] Request to amend bookmarklet/extensions sentence in CSP1.1 Glenn Adams (Sunday, 3 August)
  • Re: [CSP] Request to amend bookmarklet/extensions sentence in CSP1.1 Brad Hill (Sunday, 3 August)
    • Re: [CSP] Request to amend bookmarklet/extensions sentence in CSP1.1 Brian Smith (Monday, 4 August)
• Re: [CSP] Request to amend bookmarklet/extensions sentence in CSP1.1 Brian Smith (Monday, 4 August)

Last message date: Sunday, 31 August 2014 17:02:36 UTC