- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 22 Nov 2021 17:00:42 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1mpCgM-0000Ap-PG@uranus.w3.org>
Issues
------
* w3c/webappsec-csp (+3/-3/💬5)
3 issues created:
- Fetch rewrites ws/wss URLs, but browsers still report them in CSP (by annevk)
https://github.com/w3c/webappsec-csp/issues/532
- Fix a bug in the example of Strict CSP (by shhnjk)
https://github.com/w3c/webappsec-csp/issues/530
- Add Strict CSP in Authoring Considerations (by shhnjk)
https://github.com/w3c/webappsec-csp/issues/528
2 issues received 5 new comments:
- #532 Fetch rewrites ws/wss URLs, but browsers still report them in CSP (3 by ArthurSonzogni, Rob--W, annevk)
https://github.com/w3c/webappsec-csp/issues/532
- #489 Specify sanitizing algorithm of blockedURL, documentURL, sourceFile beyond fragment exclusion (2 by ArthurSonzogni, Rob--W)
https://github.com/w3c/webappsec-csp/issues/489
3 issues closed:
- Specify sanitizing algorithm of blockedURL, documentURL, sourceFile beyond fragment exclusion https://github.com/w3c/webappsec-csp/issues/489
- Fix a typo in the example of Strict CSP https://github.com/w3c/webappsec-csp/issues/530
- Add Strict CSP in Authoring Considerations https://github.com/w3c/webappsec-csp/issues/528
* w3c/webappsec-credential-management (+0/-2/💬5)
5 issues received 5 new comments:
- #136 add feature policy support for webauthn (1 by equalsJeffH)
https://github.com/w3c/webappsec-credential-management/issues/136 [enhancement]
- #135 feature policy for the various credential types: per-credential? all-included? (1 by equalsJeffH)
https://github.com/w3c/webappsec-credential-management/issues/135 [enhancement]
- #116 "sameOriginWithAncestors is unused" ? should s/unused/false/ ? (1 by equalsJeffH)
https://github.com/w3c/webappsec-credential-management/issues/116
- #113 allow credential-type specs to declare top-level-only or not (1 by equalsJeffH)
https://github.com/w3c/webappsec-credential-management/issues/113
- #92 accessing settings object from in-parallel steps? (1 by equalsJeffH)
https://github.com/w3c/webappsec-credential-management/issues/92
2 issues closed:
- add feature policy support for webauthn https://github.com/w3c/webappsec-credential-management/issues/136 [enhancement]
- allow credential-type specs to declare top-level-only or not https://github.com/w3c/webappsec-credential-management/issues/113
* w3c/permissions (+7/-3/💬16)
7 issues created:
- "xr-spatial-tracking", (by miketaylr)
https://github.com/w3c/permissions/issues/330
- "persistent-storage", (by miketaylr)
https://github.com/w3c/permissions/issues/329
- "nfc", (by miketaylr)
https://github.com/w3c/permissions/issues/328
- "magnetometer", (by miketaylr)
https://github.com/w3c/permissions/issues/326
- Ensure "camera" & "microphone" are defined in their parent spec (by miketaylr)
https://github.com/w3c/permissions/issues/323
- "screen-capture" (by miketaylr)
https://github.com/w3c/permissions/issues/322
- "gyroscope", (by miketaylr)
https://github.com/w3c/permissions/issues/321
10 issues received 16 new comments:
- #330 Ensure "xr-spatial-tracking" is integrated into parent spec (2 by marcoscaceres, miketaylr)
https://github.com/w3c/permissions/issues/330
- #329 "persistent-storage", (1 by miketaylr)
https://github.com/w3c/permissions/issues/329
- #328 Ensure "nfc" is integrated into parent spec (1 by miketaylr)
https://github.com/w3c/permissions/issues/328
- #326 Ensure "magnetometer" is integrated into parent spec (1 by miketaylr)
https://github.com/w3c/permissions/issues/326
- #323 Ensure "camera" & "microphone" are defined in their parent spec (1 by miketaylr)
https://github.com/w3c/permissions/issues/323
- #322 Ensure "display-capture" is integrated into Screen Capture API spec (3 by miketaylr)
https://github.com/w3c/permissions/issues/322
- #321 Ensure "gyroscope" is integrated into Gyroscope API (3 by miketaylr, rakuco)
https://github.com/w3c/permissions/issues/321
- #315 Can we drop the allowed in non-secure contexts flag? (1 by miketaylr)
https://github.com/w3c/permissions/issues/315
- #296 Ensure "accelerometer" is integrated into parent spec (2 by marcoscaceres, miketaylr)
https://github.com/w3c/permissions/issues/296
- #291 Ensure "notifications" permission is properly integrated into parent spec (1 by miketaylr)
https://github.com/w3c/permissions/issues/291
3 issues closed:
- Ensure "xr-spatial-tracking" is integrated into parent spec https://github.com/w3c/permissions/issues/330
- Can we drop the allowed in non-secure contexts flag? https://github.com/w3c/permissions/issues/315
- Ensure "notifications" permission is properly integrated into parent spec https://github.com/w3c/permissions/issues/291
* w3c/webappsec-permissions-policy (+0/-0/💬1)
1 issues received 1 new comments:
- #189 Proposal: define default for all (1 by theherk)
https://github.com/w3c/webappsec-permissions-policy/issues/189 [feature question]
* w3c/webappsec-fetch-metadata (+1/-0/💬5)
1 issues created:
- Fetch-Metadata to indicate when the browser is in a partitioned context (by DCtheTall)
https://github.com/w3c/webappsec-fetch-metadata/issues/80
1 issues received 5 new comments:
- #80 Fetch-Metadata to indicate when the browser is in a partitioned context (5 by annevk, krgovind, mikewest)
https://github.com/w3c/webappsec-fetch-metadata/issues/80
Pull requests
-------------
* w3c/webappsec (+1/-1/💬0)
1 pull requests submitted:
- Update 2021-11-16-agenda.md (by shhnjk)
https://github.com/w3c/webappsec/pull/606
1 pull requests merged:
- Update 2021-11-16-agenda.md
https://github.com/w3c/webappsec/pull/606
* w3c/webappsec-csp (+4/-3/💬31)
4 pull requests submitted:
- Add ['wss', 'ws'] in "Strip URLs for use in reports" allow-list. (by ArthurSonzogni)
https://github.com/w3c/webappsec-csp/pull/533
- Fix a bug in the example of Strict CSP (by shhnjk)
https://github.com/w3c/webappsec-csp/pull/531
- Define Strict CSP in the Authoring Considerations section. (by shhnjk)
https://github.com/w3c/webappsec-csp/pull/529
- Introduce "Strip URL for use in reports". (by ArthurSonzogni)
https://github.com/w3c/webappsec-csp/pull/527
5 pull requests received 31 new comments:
- #533 Add ['wss', 'ws'] in "Strip URLs for use in reports" allow-list. (4 by ArthurSonzogni, annevk)
https://github.com/w3c/webappsec-csp/pull/533
- #529 Define Strict CSP in the Authoring Considerations section. (2 by lweichselbaum, shhnjk)
https://github.com/w3c/webappsec-csp/pull/529
- #527 Introduce "Strip URL for use in reports". (19 by ArthurSonzogni, Rob--W, annevk, mikewest)
https://github.com/w3c/webappsec-csp/pull/527
- #526 Remove calleeRealm from EnsureCSPDoesNotBlockWasmByteCompilation (2 by annevk, fgmccabe)
https://github.com/w3c/webappsec-csp/pull/526
- #293 Minimal specification of 'wasm-unsafe-eval' source directive (4 by boompig, fgmccabe, ostap0207)
https://github.com/w3c/webappsec-csp/pull/293
3 pull requests merged:
- Introduce "Strip URL for use in reports".
https://github.com/w3c/webappsec-csp/pull/527
- Fix a typo in the example of Strict CSP
https://github.com/w3c/webappsec-csp/pull/531
- Define Strict CSP in the Authoring Considerations section.
https://github.com/w3c/webappsec-csp/pull/529
* w3c/webappsec-credential-management (+1/-1/💬0)
1 pull requests submitted:
- Add Nina Satragno as editor (by equalsJeffH)
https://github.com/w3c/webappsec-credential-management/pull/178 [editorial]
1 pull requests merged:
- Add Nina Satragno as editor
https://github.com/w3c/webappsec-credential-management/pull/178 [editorial]
* w3c/permissions (+4/-3/💬2)
4 pull requests submitted:
- Editorial: link <a>express permission</a> inside <a>request permission to use</a>. (by miketaylr)
https://github.com/w3c/permissions/pull/331
- Remove the allowed in non-secure contexts flag (by miketaylr)
https://github.com/w3c/permissions/pull/327
- Editorial: Add 'getting the current permission state' steps (by marcoscaceres)
https://github.com/w3c/permissions/pull/325
- Editorial: Relocate "bluetooth", "camera", "microphone", "notifications", "speaker-selection". (by miketaylr)
https://github.com/w3c/permissions/pull/324
2 pull requests received 2 new comments:
- #327 Remove the allowed in non-secure contexts flag (1 by marcoscaceres)
https://github.com/w3c/permissions/pull/327
- #324 Editorial: Relocate "bluetooth", "camera", "microphone", "notifications", "speaker-selection". (1 by miketaylr)
https://github.com/w3c/permissions/pull/324
3 pull requests merged:
- Remove the allowed in non-secure contexts flag
https://github.com/w3c/permissions/pull/327
- Editorial: Add 'getting the current permission state' steps
https://github.com/w3c/permissions/pull/325
- Editorial: Relocate "camera", "microphone", "notifications", "speaker-selection".
https://github.com/w3c/permissions/pull/324
* w3c/webappsec-fetch-metadata (+1/-0/💬2)
1 pull requests submitted:
- Add `nested-navigate` to list of valid `Sec-Fetch-Mode` values (by 0xedward)
https://github.com/w3c/webappsec-fetch-metadata/pull/81
1 pull requests received 2 new comments:
- #81 Add `nested-navigate` to list of valid `Sec-Fetch-Mode` values (2 by 0xedward, annevk)
https://github.com/w3c/webappsec-fetch-metadata/pull/81
* w3c/webappsec-trusted-types (+0/-1/💬0)
1 pull requests merged:
- Spec draft for fromLiteral method. See #347.
https://github.com/w3c/webappsec-trusted-types/pull/350
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 22 November 2021 17:00:46 UTC