- From: Mike West <mkwst@google.com>
- Date: Thu, 15 Oct 2015 09:09:52 +0200
- To: Richard Barnes <rbarnes@mozilla.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 15, 2015 at 5:16 AM, Richard Barnes <rbarnes@mozilla.com> wrote: > The ancestor chain features of the Secure Contexts spec seem like they could > cause some unexpected consequences for an HTTPS page, depending on whether > it's framed in HTTP or not. Perhaps this spec should extend X-Frame-Options > or frame-ancestor to allow the page to specify that it should only be framed > by a secure context? Would that really provide any value above and beyond `frame-ancestors https:`? -mike
Received on Thursday, 15 October 2015 07:10:41 UTC