Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WebAppSec reviews #36

Closed
mnot opened this issue Sep 30, 2014 · 4 comments
Closed

WebAppSec reviews #36

mnot opened this issue Sep 30, 2014 · 4 comments
Assignees
@mnot
Milestone
TPAC 2014

Comments

@mnot
Copy link
Member

mnot commented Sep 30, 2014

CSP2: https://w3c.github.io/webappsec/specs/content-security-policy/
Mixed Content: https://w3c.github.io/webappsec/specs/mixedcontent/
Referrer Policy: https://w3c.github.io/webappsec/specs/referrer-policy/
Subresource Integrity: https://w3c.github.io/webappsec/specs/subresourceintegrity/
@mnot mnot self-assigned this Sep 30, 2014
@mnot
Copy link
Member Author

mnot commented Sep 30, 2014

Discussed in London; @domenic and @mnot interested in reviewing.

@JeniT to take a look at SRI from the angle of link metadata.
@mnot to look at all, reference link hints? http://tools.ietf.org/html/draft-nottingham-link-hint-00
@slightlyoff is probably interested in CSP2

Due Oct 21

@mnot mnot added this to the TPAC 2014 milestone Sep 30, 2014
@mikewest
Copy link

mikewest commented Oct 1, 2014

Great. I'm happy to answer any preliminary questions you fine folks have. Otherwise, the WG mailing list is very friendly. :)

@mnot
Copy link
Member Author

mnot commented Oct 23, 2014

I've given feedback on Mixed Content; looks pretty good, only smallish nits.

Will be bringing up the issue of whether relaxing Referer is a good idea privacy/security wise in Referrer.

@mnot
Copy link
Member Author

mnot commented Jan 8, 2015

Discussed in NYC; splitting out to separate issues for SRI CSP2.

@mnot mnot closed this as completed Jan 8, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mnot mnot

Labels
None yet
Projects
None yet
Milestone
TPAC 2014
Development

No branches or pull requests
2 participants
@mikewest @mnot