- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Wed, 13 Nov 2019 14:08:57 -0800
- To: WebAppSec WG <public-webappsec@w3.org>
- Message-ID: <CADYDTCBKOuhJhXDK9nf9qonb9w+5xNt6NrXfMGeXenyvG43LEw@mail.gmail.com>
WebAppSec WG
Tuesday, November 19th: 18:00 UTC
<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20190716T1800>
(11:00 California, 14:00 Boston, 19:00 London, 20:00 Berlin).
Call Agenda
- Fetch Metadata (https://w3c.github.io/webappsec-fetch-metadata/)
- Recent changes:
- nested-navigate => navigate + Sec-Fetch-Dest (
- <embed>/<object> mode => navigate (
https://github.com/whatwg/fetch/pull/948)
- Blink is likely to send an intent to ship Sec-Fetch-Dest shortly.
- Next steps: FPWD => CR? FPWD => NOTE + Upstreaming everything to
Fetch/HTML?
- Origin Policy (https://github.com/WICG/origin-policy)
- Actively working on the spec again
- Feedback on issues welcome.
- COOP <https://gist.github.com/annevk/6f2dd8c79c77123f39797f6bdac43f3e>
/ COEP <https://mikewest.github.io/corpp/>
- Referrer Policy (https://w3c.github.io/webappsec-referrer-policy/)
- unsafe-url => no-referrer-when-downgrade (
https://github.com/w3c/webappsec-referrer-policy/pull/124)
- Default to strict-origin-when-cross-origin (
https://github.com/w3c/webappsec-referrer-policy/pull/125)
- Non-secure requests? (
https://github.com/w3c/webappsec-referrer-policy/pull/126)
- Mixed Content
-
https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
- MIX => REC, MIX2 => FPWD?
- Permissions
-
https://hacks.mozilla.org/2019/11/upcoming-notification-permission-changes-in-firefox-72/
- Trusted Types
- IsLoggedIn()
If you would like to add an item to the agenda, please open a PR against this
document
<https://github.com/w3c/webappsec/blob/master/meetings/2019/2019-11-19-agenda.md>
Logistics
- *IRC* : irc.w3.org / #webappsec
- *Voice*: https://www.w3.org/2011/webappsec/webex.html
- *Minutes*:
https://cryptpad.w3ctag.org/code/#/2/code/edit/z6J53KHkZNayYLDcjp25GT2i/
Received on Wednesday, 13 November 2019 22:09:18 UTC