Re: Frame Ancestors and Referrer (Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note) from Anne van Kesteren on 2014-10-24 (public-webappsec@w3.org from October 2014)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 24 Oct 2014 13:14:29 +0200
To: Mike West <mkwst@google.com>
Cc: Sean Snider <ssnider@yahoo-inc.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CADnb78hixsi_OdZ-nLtt4mLaBKd4FxBT4tmhYMr89+7+Y5YuYw@mail.gmail.com>

On Fri, Oct 24, 2014 at 1:13 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Fri, Oct 24, 2014 at 11:52 AM, Mike West <mkwst@google.com> wrote:
>> WebKit and Blink/Opera implement `window.location.ancestorOrigins`, which
>> might help you here. Firefox has (quite plausible) privacy concerns with
>> that API.
>
> We might be ready to reconsider this. I was wondering though whether
> the API can still be made asynchronous given everyone's out-of-process
> <iframe> aspirations.

Forgot to mention, this feature is tracked in these bugs:

  https://www.w3.org/Bugs/Public/show_bug.cgi?id=22699
  https://bugzilla.mozilla.org/show_bug.cgi?id=1085214


-- 
https://annevankesteren.nl/

Received on Friday, 24 October 2014 11:14:56 UTC