"Subresource Integrity" spec up for review.
(nonce | hash)
[cors] Add 'Range' to simple headers
[CORS] Does the Authorization header qualify as a CORS credential?
[integrity] Downloads
[integrity]: CSS-loaded resources.
[integrity]: latency tradeoffs
- Brad Hill (Wednesday, 22 January)
- Mike West (Friday, 17 January)
- Devdatta Akhawe (Thursday, 16 January)
- Frederik Braun (Thursday, 16 January)
- Devdatta Akhawe (Thursday, 16 January)
- Adam Langley (Wednesday, 15 January)
- Michal Zalewski (Wednesday, 15 January)
- Adam Langley (Wednesday, 15 January)
- Boris Zbarsky (Wednesday, 15 January)
- Michal Zalewski (Wednesday, 15 January)
- Devdatta Akhawe (Wednesday, 15 January)
- Joel Weinberger (Wednesday, 15 January)
- Adam Langley (Wednesday, 15 January)
- Oda, Terri (Wednesday, 15 January)
- Adam Langley (Wednesday, 15 January)
- Pete Freitag (Wednesday, 15 January)
- Adam Langley (Wednesday, 15 January)
- Mike West (Wednesday, 15 January)
- Mike West (Wednesday, 15 January)
- Joel Weinberger (Tuesday, 14 January)
- Adam Langley (Tuesday, 14 January)
[integrity]: Origin confusion attacks.
- Mike West (Thursday, 16 January)
- Pete Freitag (Friday, 10 January)
- Ben Toews (Friday, 10 January)
- Pete Freitag (Friday, 10 January)
- Sandeep Kamble (Friday, 10 January)
- Pete Freitag (Friday, 10 January)
- Mike West (Friday, 10 January)
- Frederik Braun (Friday, 10 January)
- Mike West (Friday, 10 January)
- Devdatta Akhawe (Friday, 10 January)
- Devdatta Akhawe (Thursday, 9 January)
- Brad Hill (Thursday, 9 January)
- Devdatta Akhawe (Thursday, 9 January)
- Pete Freitag (Thursday, 9 January)
- Mike West (Thursday, 9 January)
- Michal Zalewski (Thursday, 9 January)
- Mike West (Thursday, 9 January)
[webappsec] Agenda for Teleconference, 14 Jan 2014
[webappsec] Disambiguating some subresource integrity use-cases
[webappsec] Informal meetup at AppSec California?
[webappsec] New WG Teleconference Time
Agenda for 2014-01-28 Telecon. NOTE: new time, 1600 UTC
Are CSP directives case insensitive?
Beacon and CSP
CfC to publish new WD of CSP 1.1
Comments on Subresource Integrity
CSP 1.1 referrer + meta >= <meta name="referrer"> ?
CSP 1.1: What remains open (and important)?
CSP and Fetch
CSP formal objection.
- Garrett Robinson (Thursday, 30 January)
- Glenn Adams (Thursday, 30 January)
- Bjoern Hoehrmann (Thursday, 30 January)
- Glenn Adams (Wednesday, 29 January)
- Bjoern Hoehrmann (Wednesday, 29 January)
- Mike West (Wednesday, 29 January)
- Neil Matatall (Wednesday, 29 January)
- Bjoern Hoehrmann (Wednesday, 29 January)
- Hill, Brad (Wednesday, 29 January)
- Bjoern Hoehrmann (Wednesday, 29 January)
- Hill, Brad (Wednesday, 29 January)
- Bjoern Hoehrmann (Wednesday, 29 January)
- Hill, Brad (Wednesday, 29 January)
- Glenn Adams (Wednesday, 29 January)
- Mike West (Wednesday, 29 January)
- Brian Smith (Tuesday, 28 January)
- Anne van Kesteren (Tuesday, 28 January)
- Glenn Adams (Monday, 27 January)
- Devdatta Akhawe (Monday, 27 January)
CSP Transition Tools
- qll (Friday, 17 January)
- Ken Lee (Saturday, 18 January)
- Neil Matatall (Friday, 17 January)
- Yoav Weiss (Friday, 17 January)
- Neil Matatall (Friday, 17 January)
- Yoav Weiss (Friday, 17 January)
- Yoav Weiss (Friday, 17 January)
- Tim Brown (Wednesday, 15 January)
- Sandeep Kamble (Wednesday, 15 January)
- Frederik Braun (Wednesday, 15 January)
- Ken Lee (Tuesday, 14 January)
- Taras Ivashchenko (Tuesday, 14 January)
- John Wong (Tuesday, 14 January)
- Garrett Robinson (Monday, 13 January)
errata link broken
Fwd: CSP formal objection.
GitHub? GitHub.
Hashes/Nonce Source and unsafe-inline
Holiday changes to the CSP 1.1 editor's draft.
How CSP is affected by HTML Imports (or vice versa)
Invitation to connect on LinkedIn
New poll: Europe-friendly teleconference time
Origin-scoped cache/cookie/storage context
- Nasko Oskov (Thursday, 16 January)
- Anne van Kesteren (Thursday, 16 January)
- Nasko Oskov (Wednesday, 15 January)
- Boris Zbarsky (Wednesday, 15 January)
- Anne van Kesteren (Wednesday, 15 January)
- Nasko Oskov (Tuesday, 14 January)
- Nasko Oskov (Friday, 10 January)
- Anne van Kesteren (Saturday, 11 January)
- Anne van Kesteren (Friday, 10 January)
- Mike West (Friday, 10 January)
- Henri Sivonen (Friday, 10 January)
- Anne van Kesteren (Thursday, 9 January)
Processing of meta element
referrer directive expressiveness
Security Review of Network Service Discovery
Sub-origins
Subresource Integrity and fingerprinting
- Mike West (Friday, 10 January)
- Anne van Kesteren (Thursday, 9 January)
- Anne van Kesteren (Thursday, 9 January)
- Mike West (Thursday, 9 January)
- Mark Nottingham (Thursday, 9 January)
- Mike West (Thursday, 9 January)
- Mike West (Thursday, 9 January)
- Devdatta Akhawe (Thursday, 9 January)
- Michal Zalewski (Thursday, 9 January)
- Mike West (Thursday, 9 January)
- Michal Zalewski (Thursday, 9 January)
- Devdatta Akhawe (Thursday, 9 January)
- Michal Zalewski (Thursday, 9 January)
- Devdatta Akhawe (Thursday, 9 January)
Subresource Integrity Length Extension?
Subresource Integrity strawman.
- Ben Toews (Wednesday, 8 January)
- Mike West (Thursday, 9 January)
- Michal Zalewski (Thursday, 9 January)
- Mark Nottingham (Thursday, 9 January)
- Michal Zalewski (Thursday, 9 January)
- Devdatta Akhawe (Wednesday, 8 January)
- Ilya Grigorik (Wednesday, 8 January)
- Joel Weinberger (Wednesday, 8 January)
- Michal Zalewski (Wednesday, 8 January)
- Ilya Grigorik (Wednesday, 8 January)
- Joel Weinberger (Wednesday, 8 January)
- Joshua Peek (Wednesday, 8 January)
- Ilya Grigorik (Wednesday, 8 January)
- Mike West (Wednesday, 8 January)
- Joel Weinberger (Wednesday, 8 January)
- Michal Zalewski (Wednesday, 8 January)
- Mike West (Wednesday, 8 January)
W3C WebAppSec WG Meeting
webappsec-ISSUE-56 (child src navigation): Should we restrict subsequent navigation within child-src? [CSP 1.1]
Last message date: Thursday, 30 January 2014 23:23:12 UTC