[webappsec] Teleconference Agenda, 15-Nov-2016, 09:00 PST

https://mit.webex.com/mit/j.php?MTID=mf4fa89ca549c64f744175146bd51a491
Meeting number: 643 678 745
Meeting password: [Consortium abbreviation, lowercase]

JOIN BY PHONE
+1-617-324-0000 US Toll Number
Access code: 643 678 745

Note: USA daylight savings time has ended and times are in PST now.

The last meeting's minutes have not been published at the usual spot,
apologies.  The AWS instance I kept my minutes processing toolchain on has
failed and I haven't rebuilt it yet.


AGENDA:
========
TOPIC: Agenda bashing

TOPIC: News:
 * CSP Level 2 is a Proposed Recommendation (at last)
   https://www.w3.org/blog/news/archives/5957
 * Initial implementation of Content-Security-Policy: Embedded Enforcement
    https://lists.w3.org/Archives/Public/public-webappsec/2016Nov/0002.html

   Related: CSP-Allow-Origin
    https://github.com/w3c/webappsec-csp/commit/0e6481f5613e39e82173dbfc3570619c2fb7a62c

 * Requesting wide review of Screen Orientation API
    https://lists.w3.org/Archives/Public/public-webappsec/2016Nov/0003.html
 * Requesting security review of IndexedDB API
    https://lists.w3.org/Archives/Public/public-webappsec/2016Nov/0004.html

TOPIC: Rechartering
https://lists.w3.org/Archives/Public/public-webappsec/2016Oct/0044.html

TOPIC: Restrict window.name on cross-origin navigation,
https://lists.w3.org/Archives/Public/public-webappsec/2016Jul/0006.html

TOPIC: Restrict CORS-safelisted request headers according to RFC 7231,
filed here: https://github.com/whatwg/fetch/issues/382 , currently
discussed here: https://github.com/w3c/webappsec-csp/issues/115

TOPIC: Restrict the loopback address to same-origin or Secure Contexts,
https://lists.w3.org/Archives/Public/public-webappsec/2016Sep/0089.html

TOPIC: Clarify worker-src goals
https://github.com/w3c/webappsec-csp/issues/146

TOPIC: Redacting ancestorOrigins according to Referrer Policy?
https://github.com/w3c/webappsec-referrer-policy/pull/77

Received on Tuesday, 15 November 2016 21:23:29 UTC