Re: [powerful-features] Framing

On Thu, Oct 15, 2015 at 12:00 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Thu, Oct 15, 2015 at 9:09 AM, Mike West <mkwst@google.com> wrote:
>> Would that really provide any value above and beyond `frame-ancestors https:`?
>
> It would for various URL schemes that are not entirely unrealistic in
> an ancestor chain, e.g., about:blank, about:srcdoc, data:....

Interesting. *shrug* I guess we could add something for those, but I'm
still not really convinced that there's substantial value. Filed
https://github.com/w3c/webappsec-csp/issues/23 so it doesn't get lost.

-mike

Received on Thursday, 15 October 2015 11:31:05 UTC