- From: Mike West <mkwst@google.com>
- Date: Thu, 15 Oct 2015 13:30:16 +0200
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Richard Barnes <rbarnes@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 15, 2015 at 12:00 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Thu, Oct 15, 2015 at 9:09 AM, Mike West <mkwst@google.com> wrote: >> Would that really provide any value above and beyond `frame-ancestors https:`? > > It would for various URL schemes that are not entirely unrealistic in > an ancestor chain, e.g., about:blank, about:srcdoc, data:.... Interesting. *shrug* I guess we could add something for those, but I'm still not really convinced that there's substantial value. Filed https://github.com/w3c/webappsec-csp/issues/23 so it doesn't get lost. -mike
Received on Thursday, 15 October 2015 11:31:05 UTC