W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2019

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 06 May 2019 17:00:20 +0000
To: public-webappsec@w3.org
Message-Id: <E1hNgyS-0006Uz-Fy@uranus.w3.org>



Issues
------
* w3c/webappsec (+0/-0/💬5)
  2 issues received 5 new comments:
  - #520 Clarify CSP header recommendations for non-HTML pages (4 by annevk, Malvoz, briansmith)
    https://github.com/w3c/webappsec/issues/520 
  - #550 Adopt Fetch Metadata as a deliverable. (1 by mikewest)
    https://github.com/w3c/webappsec/issues/550 [CfC] 

* w3c/webappsec-subresource-integrity (+0/-0/💬1)
  1 issues received 1 new comments:
  - #79 Is it possible to do SRI on importScripts in JS? (1 by freshp86)
    https://github.com/w3c/webappsec-subresource-integrity/issues/79 

* w3c/webappsec-csp (+3/-0/💬8)
  3 issues created:
  - Enforce "at most once" semantics for scripts (by briansmith)
    https://github.com/w3c/webappsec-csp/issues/392 
  - Extend `frame-ancestors` to allow resizing iframe based on its contents. (by briansmith)
    https://github.com/w3c/webappsec-csp/issues/391 
  - Clarify behavior for cached favicon loads (by briansmith)
    https://github.com/w3c/webappsec-csp/issues/390 

  3 issues received 8 new comments:
  - #243 Any protection against dynamic module import? (4 by mikesamuel, briansmith)
    https://github.com/w3c/webappsec-csp/issues/243 
  - #215 Multiple CSP headers restriction is unclear (3 by cnsgithub, briansmith)
    https://github.com/w3c/webappsec-csp/issues/215 
  - #174 Policy to allow only custom properties in inline CSS (1 by nico3333fr)
    https://github.com/w3c/webappsec-csp/issues/174 

* w3c/webappsec-mixed-content (+1/-0/💬1)
  1 issues created:
  - Definition of "unauthenticated response" actually defining "authenticated response"? (by jdeblasio)
    https://github.com/w3c/webappsec-mixed-content/issues/19 

  1 issues received 1 new comments:
  - #19 Definition of "unauthenticated response" actually defining "authenticated response"? (1 by mikewest)
    https://github.com/w3c/webappsec-mixed-content/issues/19 

* w3c/permissions (+1/-0/💬0)
  1 issues created:
  - Add "wake-lock" permission type (by kenchris)
    https://github.com/w3c/permissions/issues/192 

* w3c/webappsec-clear-site-data (+1/-0/💬3)
  1 issues created:
  - Drop executionContexts? (by annevk)
    https://github.com/w3c/webappsec-clear-site-data/issues/59 

  1 issues received 3 new comments:
  - #59 Drop executionContexts? (3 by annevk, asakusuma, wanderview)
    https://github.com/w3c/webappsec-clear-site-data/issues/59 

* w3c/webappsec-feature-policy (+1/-1/💬4)
  1 issues created:
  - Feature-Policy-Report-Only: what types are supported? (by gi11es)
    https://github.com/w3c/webappsec-feature-policy/issues/305 

  4 issues received 4 new comments:
  - #168 Feature-Identifier value for WebAuthn? (1 by equalsJeffH)
    https://github.com/w3c/webappsec-feature-policy/issues/168 [proposed feature] 
  - #288 Opt-in negotiation for new sandboxy features (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/288 
  - #298 Architecture discussion: Permissions (1 by foolip)
    https://github.com/w3c/webappsec-feature-policy/issues/298 
  - #273 Prevent programmatic focus in iframe (1 by ehsan-karamad)
    https://github.com/w3c/webappsec-feature-policy/issues/273 [proposed feature] 

  1 issues closed:
  - Opt-in negotiation for new sandboxy features https://github.com/w3c/webappsec-feature-policy/issues/288 



Pull requests
-------------
* w3c/webappsec-mixed-content (+1/-0/💬0)
  1 pull requests submitted:
  - Fix typo in "unauthenticated response" definition. (by jdeblasio)
    https://github.com/w3c/webappsec-mixed-content/pull/20 

* w3c/webappsec-feature-policy (+4/-4/💬0)
  4 pull requests submitted:
  - add webauthn as proposed feature (FP issue #168) (by equalsJeffH)
    https://github.com/w3c/webappsec-feature-policy/pull/306 
  - Create focus-without-user-activation.md (by ehsan-karamad)
    https://github.com/w3c/webappsec-feature-policy/pull/304 
  - Update loading-frame-default-eager.md (by ehsan-karamad)
    https://github.com/w3c/webappsec-feature-policy/pull/303 
  - Update features.md (by loonybear)
    https://github.com/w3c/webappsec-feature-policy/pull/302 

  4 pull requests merged:
  - move 'payment' from proposed to standard feature
    https://github.com/w3c/webappsec-feature-policy/pull/301 
  - Create loading-image-default-eager.md
    https://github.com/w3c/webappsec-feature-policy/pull/295 
  - Update features.md
    https://github.com/w3c/webappsec-feature-policy/pull/302 
  - Update loading-frame-default-eager.md
    https://github.com/w3c/webappsec-feature-policy/pull/303 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
Received on Monday, 6 May 2019 17:00:26 UTC

This archive was generated by hypermail 2.3.1 : Monday, 6 May 2019 17:00:27 UTC