
Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 24 Oct 2014 13:13:44 +0200
Message-ID: <CADnb78h34eYTdoQ_znyiw4Grw2y_GoEM364tQny3t0NKSpCiCQ@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Sean Snider <ssnider@yahoo-inc.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

On Fri, Oct 24, 2014 at 11:52 AM, Mike West <mkwst@google.com> wrote:
> WebKit and Blink/Opera implement `window.location.ancestorOrigins`, which
> might help you here. Firefox has (quite plausible) privacy concerns with
> that API.

We might be ready to reconsider this. I was wondering though whether
the API can still be made asynchronous given everyone's out-of-process
<iframe> aspirations.

Received on Friday, 24 October 2014 11:14:11 UTC
