W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2009

[whatwg] Clickjacking and CSRF

From: Jonas Sicking <jonas@sicking.cc>
Date: Thu, 16 Jul 2009 15:13:56 -0700
Message-ID: <63df84f0907161513v6e5b606hf385f73e17ba5646@mail.gmail.com>
On Thu, Jul 16, 2009 at 2:25 PM, Aryeh Gregor<Simetrical+w3c at gmail.com> wrote:
> Is there support in the spec for pinging the report-uri on violations,
> but still allowing the violation to go through? ?That could allow much
> easier deployment, so that you could verify that your policy wasn't
> blocking anything legitimate. ?I don't see it anywhere, but I didn't
> look very hard.

I don't think so. I've cc'ed the relevant people that can answer.

/ Jonas
Received on Thursday, 16 July 2009 15:13:56 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:14 UTC