- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 22 Nov 2021 17:00:42 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1mpCgM-0000Ap-PG@uranus.w3.org>
Issues ------ * w3c/webappsec-csp (+3/-3/💬5) 3 issues created: - Fetch rewrites ws/wss URLs, but browsers still report them in CSP (by annevk) https://github.com/w3c/webappsec-csp/issues/532 - Fix a bug in the example of Strict CSP (by shhnjk) https://github.com/w3c/webappsec-csp/issues/530 - Add Strict CSP in Authoring Considerations (by shhnjk) https://github.com/w3c/webappsec-csp/issues/528 2 issues received 5 new comments: - #532 Fetch rewrites ws/wss URLs, but browsers still report them in CSP (3 by ArthurSonzogni, Rob--W, annevk) https://github.com/w3c/webappsec-csp/issues/532 - #489 Specify sanitizing algorithm of blockedURL, documentURL, sourceFile beyond fragment exclusion (2 by ArthurSonzogni, Rob--W) https://github.com/w3c/webappsec-csp/issues/489 3 issues closed: - Specify sanitizing algorithm of blockedURL, documentURL, sourceFile beyond fragment exclusion https://github.com/w3c/webappsec-csp/issues/489 - Fix a typo in the example of Strict CSP https://github.com/w3c/webappsec-csp/issues/530 - Add Strict CSP in Authoring Considerations https://github.com/w3c/webappsec-csp/issues/528 * w3c/webappsec-credential-management (+0/-2/💬5) 5 issues received 5 new comments: - #136 add feature policy support for webauthn (1 by equalsJeffH) https://github.com/w3c/webappsec-credential-management/issues/136 [enhancement] - #135 feature policy for the various credential types: per-credential? all-included? (1 by equalsJeffH) https://github.com/w3c/webappsec-credential-management/issues/135 [enhancement] - #116 "sameOriginWithAncestors is unused" ? should s/unused/false/ ? (1 by equalsJeffH) https://github.com/w3c/webappsec-credential-management/issues/116 - #113 allow credential-type specs to declare top-level-only or not (1 by equalsJeffH) https://github.com/w3c/webappsec-credential-management/issues/113 - #92 accessing settings object from in-parallel steps? (1 by equalsJeffH) https://github.com/w3c/webappsec-credential-management/issues/92 2 issues closed: - add feature policy support for webauthn https://github.com/w3c/webappsec-credential-management/issues/136 [enhancement] - allow credential-type specs to declare top-level-only or not https://github.com/w3c/webappsec-credential-management/issues/113 * w3c/permissions (+7/-3/💬16) 7 issues created: - "xr-spatial-tracking", (by miketaylr) https://github.com/w3c/permissions/issues/330 - "persistent-storage", (by miketaylr) https://github.com/w3c/permissions/issues/329 - "nfc", (by miketaylr) https://github.com/w3c/permissions/issues/328 - "magnetometer", (by miketaylr) https://github.com/w3c/permissions/issues/326 - Ensure "camera" & "microphone" are defined in their parent spec (by miketaylr) https://github.com/w3c/permissions/issues/323 - "screen-capture" (by miketaylr) https://github.com/w3c/permissions/issues/322 - "gyroscope", (by miketaylr) https://github.com/w3c/permissions/issues/321 10 issues received 16 new comments: - #330 Ensure "xr-spatial-tracking" is integrated into parent spec (2 by marcoscaceres, miketaylr) https://github.com/w3c/permissions/issues/330 - #329 "persistent-storage", (1 by miketaylr) https://github.com/w3c/permissions/issues/329 - #328 Ensure "nfc" is integrated into parent spec (1 by miketaylr) https://github.com/w3c/permissions/issues/328 - #326 Ensure "magnetometer" is integrated into parent spec (1 by miketaylr) https://github.com/w3c/permissions/issues/326 - #323 Ensure "camera" & "microphone" are defined in their parent spec (1 by miketaylr) https://github.com/w3c/permissions/issues/323 - #322 Ensure "display-capture" is integrated into Screen Capture API spec (3 by miketaylr) https://github.com/w3c/permissions/issues/322 - #321 Ensure "gyroscope" is integrated into Gyroscope API (3 by miketaylr, rakuco) https://github.com/w3c/permissions/issues/321 - #315 Can we drop the allowed in non-secure contexts flag? (1 by miketaylr) https://github.com/w3c/permissions/issues/315 - #296 Ensure "accelerometer" is integrated into parent spec (2 by marcoscaceres, miketaylr) https://github.com/w3c/permissions/issues/296 - #291 Ensure "notifications" permission is properly integrated into parent spec (1 by miketaylr) https://github.com/w3c/permissions/issues/291 3 issues closed: - Ensure "xr-spatial-tracking" is integrated into parent spec https://github.com/w3c/permissions/issues/330 - Can we drop the allowed in non-secure contexts flag? https://github.com/w3c/permissions/issues/315 - Ensure "notifications" permission is properly integrated into parent spec https://github.com/w3c/permissions/issues/291 * w3c/webappsec-permissions-policy (+0/-0/💬1) 1 issues received 1 new comments: - #189 Proposal: define default for all (1 by theherk) https://github.com/w3c/webappsec-permissions-policy/issues/189 [feature question] * w3c/webappsec-fetch-metadata (+1/-0/💬5) 1 issues created: - Fetch-Metadata to indicate when the browser is in a partitioned context (by DCtheTall) https://github.com/w3c/webappsec-fetch-metadata/issues/80 1 issues received 5 new comments: - #80 Fetch-Metadata to indicate when the browser is in a partitioned context (5 by annevk, krgovind, mikewest) https://github.com/w3c/webappsec-fetch-metadata/issues/80 Pull requests ------------- * w3c/webappsec (+1/-1/💬0) 1 pull requests submitted: - Update 2021-11-16-agenda.md (by shhnjk) https://github.com/w3c/webappsec/pull/606 1 pull requests merged: - Update 2021-11-16-agenda.md https://github.com/w3c/webappsec/pull/606 * w3c/webappsec-csp (+4/-3/💬31) 4 pull requests submitted: - Add ['wss', 'ws'] in "Strip URLs for use in reports" allow-list. (by ArthurSonzogni) https://github.com/w3c/webappsec-csp/pull/533 - Fix a bug in the example of Strict CSP (by shhnjk) https://github.com/w3c/webappsec-csp/pull/531 - Define Strict CSP in the Authoring Considerations section. (by shhnjk) https://github.com/w3c/webappsec-csp/pull/529 - Introduce "Strip URL for use in reports". (by ArthurSonzogni) https://github.com/w3c/webappsec-csp/pull/527 5 pull requests received 31 new comments: - #533 Add ['wss', 'ws'] in "Strip URLs for use in reports" allow-list. (4 by ArthurSonzogni, annevk) https://github.com/w3c/webappsec-csp/pull/533 - #529 Define Strict CSP in the Authoring Considerations section. (2 by lweichselbaum, shhnjk) https://github.com/w3c/webappsec-csp/pull/529 - #527 Introduce "Strip URL for use in reports". (19 by ArthurSonzogni, Rob--W, annevk, mikewest) https://github.com/w3c/webappsec-csp/pull/527 - #526 Remove calleeRealm from EnsureCSPDoesNotBlockWasmByteCompilation (2 by annevk, fgmccabe) https://github.com/w3c/webappsec-csp/pull/526 - #293 Minimal specification of 'wasm-unsafe-eval' source directive (4 by boompig, fgmccabe, ostap0207) https://github.com/w3c/webappsec-csp/pull/293 3 pull requests merged: - Introduce "Strip URL for use in reports". https://github.com/w3c/webappsec-csp/pull/527 - Fix a typo in the example of Strict CSP https://github.com/w3c/webappsec-csp/pull/531 - Define Strict CSP in the Authoring Considerations section. https://github.com/w3c/webappsec-csp/pull/529 * w3c/webappsec-credential-management (+1/-1/💬0) 1 pull requests submitted: - Add Nina Satragno as editor (by equalsJeffH) https://github.com/w3c/webappsec-credential-management/pull/178 [editorial] 1 pull requests merged: - Add Nina Satragno as editor https://github.com/w3c/webappsec-credential-management/pull/178 [editorial] * w3c/permissions (+4/-3/💬2) 4 pull requests submitted: - Editorial: link <a>express permission</a> inside <a>request permission to use</a>. (by miketaylr) https://github.com/w3c/permissions/pull/331 - Remove the allowed in non-secure contexts flag (by miketaylr) https://github.com/w3c/permissions/pull/327 - Editorial: Add 'getting the current permission state' steps (by marcoscaceres) https://github.com/w3c/permissions/pull/325 - Editorial: Relocate "bluetooth", "camera", "microphone", "notifications", "speaker-selection". (by miketaylr) https://github.com/w3c/permissions/pull/324 2 pull requests received 2 new comments: - #327 Remove the allowed in non-secure contexts flag (1 by marcoscaceres) https://github.com/w3c/permissions/pull/327 - #324 Editorial: Relocate "bluetooth", "camera", "microphone", "notifications", "speaker-selection". (1 by miketaylr) https://github.com/w3c/permissions/pull/324 3 pull requests merged: - Remove the allowed in non-secure contexts flag https://github.com/w3c/permissions/pull/327 - Editorial: Add 'getting the current permission state' steps https://github.com/w3c/permissions/pull/325 - Editorial: Relocate "camera", "microphone", "notifications", "speaker-selection". https://github.com/w3c/permissions/pull/324 * w3c/webappsec-fetch-metadata (+1/-0/💬2) 1 pull requests submitted: - Add `nested-navigate` to list of valid `Sec-Fetch-Mode` values (by 0xedward) https://github.com/w3c/webappsec-fetch-metadata/pull/81 1 pull requests received 2 new comments: - #81 Add `nested-navigate` to list of valid `Sec-Fetch-Mode` values (2 by 0xedward, annevk) https://github.com/w3c/webappsec-fetch-metadata/pull/81 * w3c/webappsec-trusted-types (+0/-1/💬0) 1 pull requests merged: - Spec draft for fromLiteral method. See #347. https://github.com/w3c/webappsec-trusted-types/pull/350 Repositories tracked by this digest: ----------------------------------- * https://github.com/w3c/webappsec * https://github.com/w3c/webappsec-subresource-integrity * https://github.com/w3c/webappsec-csp * https://github.com/w3c/webappsec-mixed-content * https://github.com/w3c/webappsec-upgrade-insecure-requests * https://github.com/w3c/webappsec-credential-management * https://github.com/w3c/permissions * https://github.com/w3c/webappsec-referrer-policy * https://github.com/w3c/webappsec-secure-contexts * https://github.com/w3c/webappsec-clear-site-data * https://github.com/w3c/webappsec-cowl * https://github.com/w3c/webappsec-epr * https://github.com/w3c/webappsec-suborigins * https://github.com/w3c/webappsec-cspee * https://github.com/w3c/webappsec-permissions-policy * https://github.com/w3c/webappsec-fetch-metadata * https://github.com/w3c/webappsec-trusted-types * https://github.com/w3c/webappsec-change-password-url * https://github.com/w3c/webappsec-post-spectre-webdev -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 22 November 2021 17:00:46 UTC