Re: [powerful-features] Framing

On Thu, Oct 15, 2015 at 5:16 AM, Richard Barnes <rbarnes@mozilla.com> wrote:
> The ancestor chain features of the Secure Contexts spec seem like they could
> cause some unexpected consequences for an HTTPS page, depending on whether
> it's framed in HTTP or not.  Perhaps this spec should extend X-Frame-Options
> or frame-ancestor to allow the page to specify that it should only be framed
> by a secure context?

Would that really provide any value above and beyond `frame-ancestors https:`?

-mike

Received on Thursday, 15 October 2015 07:10:41 UTC