public-webappsec@w3.org from July 2014 by subject

"Why is CSP failing? Trends and Challenges in CSP Adoption"

[blink-dev] Proposal: Prefer secure origins for powerful new web platform features

[Bulk] Proposal: Prefer secure origins for powerful new web platform features

[CSP] Directive to disallow a response from being used as a Service Worker

[CSP] Policy direction for bookmarklets/extensions augmenting page-level CSP?

[CSP] Request to amend bookmarklet/extensions sentence in CSP1.1

[CSP] Rule referencing

[Integrity] HTTP/1.1 reference

[Integrity] Signature based subresource integrity?

[MIX] blob URLs

[MIX] Consider all CORS requests "active"

[MIX]: Can we distinguish between images loader via `<picture>`/`srcset` and `<img>`?

[REFERRER] Where does "Determine request's Referrer" get its URL from?

[REFERRER] Where does "Determine request’s Referrer" get its URL from?

[SRI] What should we Hash Redux

[webappsec] 30-July WebAppSec Teleconference CANCELLED

[webappsec] tomorrow's call

Call for Exclusions: Content Security Policy Level 2

CfC to publish FPWD on Referrer Policy.

CORS and CSRF protection

CSP 1.1 frameancestors and blobs

CSP declarations in html meta tags

CSP wildcard host matching

CSP: 'no-external-navigation'?

img-src and inline <svg>

Isolated Web Components for a more secure web

Mixed Content ED Comments

Mixed Content Spec feedback

PFWG comments on User Interface Security Directives for Content Security Policy

Proposal: Prefer secure origins for powerful new web platform features

Resource integrity transparency

SRI and CORS

SRI: <a> vs integrity

WebAppSec WG Teleconference 02-July-2014 08:00 PDT

WebAppSec WG Teleconference 16-July-2014 08:00 PDT

Last message date: Thursday, 31 July 2014 15:15:04 UTC