Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2025-06-09 (public-webappsec@w3.org from June 2025)

From: W3C Webmaster via GitHub API <noreply@w3.org>
Date: Mon, 09 Jun 2025 17:00:24 +0000
To: public-webappsec@w3.org
Message-Id: <E1uOfrE-006dRu-2Y@janus.w3.internal>
Issues
------
* w3c/webappsec-subresource-integrity (+1/-1/💬1)
  1 issues created:
  - Spec doesn't mention blob and data protocol exemption (by FKLC)
    https://github.com/w3c/webappsec-subresource-integrity/issues/136 

  1 issues received 1 new comments:
  - #136 Spec doesn't mention blob and data protocol exemption (1 by yoavweiss)
    https://github.com/w3c/webappsec-subresource-integrity/issues/136 

  1 issues closed:
  - Spec doesn't mention blob and data protocol exemption https://github.com/w3c/webappsec-subresource-integrity/issues/136 

* w3c/webappsec-csp (+1/-2/💬4)
  1 issues created:
  - Add Back The `prefetch-src` Directive to The CSP Header (by zphrs)
    https://github.com/w3c/webappsec-csp/issues/733 

  2 issues received 4 new comments:
  - #733 Add Back The `prefetch-src` Directive to The CSP Header (3 by noamr, zphrs)
    https://github.com/w3c/webappsec-csp/issues/733 
  - #690 Consider recommending the usage of events instead of CSP reports for CSP WPTs (1 by dveditz)
    https://github.com/w3c/webappsec-csp/issues/690 [meta] 

  2 issues closed:
  - Inconsistency between script pre- and post-request checks for `strict-dynamic` ASCII case-sensitivity https://github.com/w3c/webappsec-csp/issues/727 
  - Conflicting SRI test cases for integrity checks and cross-origin hosts. https://github.com/w3c/webappsec-csp/issues/728 

* w3c/webappsec-secure-contexts (+0/-0/💬1)
  1 issues received 1 new comments:
  - #66 Is "file:" protocol considered a "secure context", if not why? (1 by rbbydotdev)
    https://github.com/w3c/webappsec-secure-contexts/issues/66 

* w3c/webappsec-permissions-policy (+1/-0/💬0)
  1 issues created:
  - Maybe provide a guidance for UA developers w.r.t. unknown permissions (by misha-drozd)
    https://github.com/w3c/webappsec-permissions-policy/issues/569 

* w3c/webappsec-fetch-metadata (+1/-0/💬0)
  1 issues created:
  - Incorrect link to "same site" concept for `sec-fetch-site` header (by TimvdLippe)
    https://github.com/w3c/webappsec-fetch-metadata/issues/93 



Pull requests
-------------
* w3c/webappsec-subresource-integrity (+4/-3/💬6)
  4 pull requests submitted:
  - Fix the report type to match implementations (by yoavweiss)
    https://github.com/w3c/webappsec-subresource-integrity/pull/141 
  - [editorial] Make JSON valid (by tabatkins)
    https://github.com/w3c/webappsec-subresource-integrity/pull/139 
  - Remove url ref and rename integrity policy struct (by yoavweiss)
    https://github.com/w3c/webappsec-subresource-integrity/pull/138 
  - Add blob and data url exemption (by FKLC)
    https://github.com/w3c/webappsec-subresource-integrity/pull/137 

  1 pull requests received 6 new comments:
  - #137 Add blob and data url exemption (6 by FKLC, mikewest, yoavweiss)
    https://github.com/w3c/webappsec-subresource-integrity/pull/137 

  3 pull requests merged:
  - Add blob and data url exemption
    https://github.com/w3c/webappsec-subresource-integrity/pull/137 
  - [editorial] Make JSON valid
    https://github.com/w3c/webappsec-subresource-integrity/pull/139 
  - Remove url ref and rename integrity policy struct
    https://github.com/w3c/webappsec-subresource-integrity/pull/138 

* w3c/webappsec-csp (+0/-1/💬1)
  1 pull requests received 1 new comments:
  - #730 Further clarify post-request check (1 by w3cbot)
    https://github.com/w3c/webappsec-csp/pull/730 [editorial] 

  1 pull requests merged:
  - Further clarify post-request check
    https://github.com/w3c/webappsec-csp/pull/730 [editorial] 

* w3c/webappsec-referrer-policy (+1/-0/💬0)
  1 pull requests submitted:
  - Handle the null fetch client case (by domenic)
    https://github.com/w3c/webappsec-referrer-policy/pull/175 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 9 June 2025 17:00:25 UTC