Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2019-12-02 (public-webappsec@w3.org from December 2019)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 02 Dec 2019 17:00:25 +0000
To: public-webappsec@w3.org
Message-Id: <E1ibp3h-0000T9-Je@uranus.w3.org>
Issues
------
* w3c/webappsec-mixed-content (+0/-4/💬5)
  5 issues received 5 new comments:
  - #23 `cors-with-forced-preflight` is not a mode. (1 by mikewest)
    https://github.com/w3c/webappsec-mixed-content/issues/23 
  - #17 Clarify mixed content behavior for access to origins in CIDR 127.0.0.0/8 or ::1/128  (1 by mikewest)
    https://github.com/w3c/webappsec-mixed-content/issues/17 
  - #15 Move "Mixed Content" to PR. (1 by mikewest)
    https://github.com/w3c/webappsec-mixed-content/issues/15 
  - #13 Track being the only media type that is blocked (1 by mikewest)
    https://github.com/w3c/webappsec-mixed-content/issues/13 [TPAC] 
  - #7 What's the scope of mixed content tainting? (1 by mikewest)
    https://github.com/w3c/webappsec-mixed-content/issues/7 

  4 issues closed:
  - Track being the only media type that is blocked https://github.com/w3c/webappsec-mixed-content/issues/13 [TPAC] 
  - Move "Mixed Content" to PR. https://github.com/w3c/webappsec-mixed-content/issues/15 
  - `cors-with-forced-preflight` is not a mode. https://github.com/w3c/webappsec-mixed-content/issues/23 
  - What's the scope of mixed content tainting? https://github.com/w3c/webappsec-mixed-content/issues/7 

* w3c/permissions (+1/-0/💬0)
  1 issues created:
  - Remove "device-info" permission (by youennf)
    https://github.com/w3c/permissions/issues/203 

* w3c/webappsec-referrer-policy (+0/-0/💬8)
  1 issues received 8 new comments:
  - #123 Inconsistencies with "same-origin" requests (8 by domfarolino, jeisinger, mikewest, yutakahirano)
    https://github.com/w3c/webappsec-referrer-policy/issues/123 

* w3c/webappsec-feature-policy (+0/-0/💬1)
  1 issues received 1 new comments:
  - #207 Feature-Policy and Workers (1 by rsolomakhin)
    https://github.com/w3c/webappsec-feature-policy/issues/207 [duplicate] 

* w3c/webappsec-fetch-metadata (+0/-0/💬3)
  1 issues received 3 new comments:
  - #47 `Sec-Fetch-Site` for requests from extension background pages (3 by anforowicz, iVanlIsh, mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/47 

* WICG/trusted-types (+0/-1/💬9)
  1 issues received 9 new comments:
  - #241 Allow future extensions to the API without breaking compatibility (9 by koto, mikewest, otherdaniel)
    https://github.com/w3c/webappsec-trusted-types/issues/241 

  1 issues closed:
  - getAttributeType is wrong about namespaces https://github.com/w3c/webappsec-trusted-types/issues/240 



Pull requests
-------------
* w3c/permissions (+0/-0/💬1)
  1 pull requests received 1 new comments:
  - #202 Add periodic-background-sync enum and description. (1 by marcoscaceres)
    https://github.com/w3c/permissions/pull/202 

* w3c/webappsec-referrer-policy (+1/-0/💬0)
  1 pull requests submitted:
  - Stop using |environment| and |request|'s origin in referrer calculaiton (by yutakahirano)
    https://github.com/w3c/webappsec-referrer-policy/pull/129 

* w3c/webappsec-feature-policy (+0/-1/💬0)
  1 pull requests merged:
  - Editorial: Align with Web IDL specification
    https://github.com/w3c/webappsec-feature-policy/pull/352 

* w3c/webappsec-fetch-metadata (+3/-2/💬0)
  3 pull requests submitted:
  - Use HTML's same site (by annevk)
    https://github.com/w3c/webappsec-fetch-metadata/pull/50 
  - Fix minor typos in README.md (by sideshowbarker)
    https://github.com/w3c/webappsec-fetch-metadata/pull/49 
  - Explicitly set the Sec-Fetch-User header value (by jugglinmike)
    https://github.com/w3c/webappsec-fetch-metadata/pull/48 

  2 pull requests merged:
  - Fix minor typos in README.md
    https://github.com/w3c/webappsec-fetch-metadata/pull/49 
  - Explicitly set the Sec-Fetch-User header value
    https://github.com/w3c/webappsec-fetch-metadata/pull/48 

* WICG/trusted-types (+1/-0/💬0)
  1 pull requests submitted:
  - Added require-trusted-types-for directive. (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/244 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
* https://github.com/w3c/webappsec-unofficial-drafts
Received on Monday, 2 December 2019 17:00:27 UTC