ACTION-1![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Find an appropriate way to make available http://www.w3.org/2001/tag/2011/02/security-web.html to the Web App Sec working group |
Brad Hill |
2011-11-07 |
|
ACTION-2![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Get brandon CVS access. |
Brad Hill |
2011-11-07 |
|
ACTION-3![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Move CSP to CVS from Mercurial. |
Brandon Sterne |
2011-11-07 |
|
ACTION-4![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Seek out all old CSP drafts and point them to the new verison |
Brandon Sterne |
2011-11-07 |
|
ACTION-5![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Set up a doodle for selecting a time for calls |
Eric Rescorla |
2011-11-07 |
|
ACTION-6![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Set up testing mailing list |
Brad Hill |
2011-11-07 |
|
ACTION-7![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Set up mecurial repo for test cases |
Brad Hill |
2011-11-07 |
|
ACTION-8![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Coordinate with phillipe or mike @ w3c on testing infrastructure |
Brad Hill |
2011-11-07 |
|
ACTION-9![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Document interactions between CORS and caching / vary header and best practices |
Adam Barth |
2011-12-13 |
|
ACTION-10![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Invite mark miller and tyler close to join WG, comment on UMP |
Brad Hill |
2011-11-07 |
|
ACTION-11![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Document content-type header values that influence determination of simple / non-simple CORS request type |
Adam Barth |
2011-12-20 |
|
ACTION-12![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Document lack of critical semantics on policy directives, behavior on unknown extensions or new directives |
Adam Barth |
2011-11-07 |
|
ACTION-13![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Create a wiki page for soft registrations of directives people are experimenting with |
Adam Barth |
2011-11-07 |
|
ACTION-14![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Remove proposed directives and make any urgent editorial by COB tomorrow. |
Brandon Sterne |
2011-11-07 |
|
ACTION-15![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
And bhill2 to issue a call for comments before an FPWD to last one week tomorrow COB |
Eric Rescorla |
2011-11-07 |
|
ACTION-16![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Update the milestones with dates he feels comfortable with |
Anne van Kesteren |
2011-12-13 |
|
ACTION-17![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add 1.1 as an item on the WG page. |
Brad Hill |
2011-11-07 |
|
ACTION-18![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Round-trip decision on sandboxing in CSP to WHATWG |
Brad Hill |
2011-11-07 |
|
ACTION-19![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Clarify policy applied for html loaded via object tag |
Adam Barth |
2012-01-03 |
ISSUE-8 |
ACTION-20![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Liason with widgets activity on policy placeholder for widgets |
Brad Hill |
2012-05-29 |
|
ACTION-21![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Update cheat sheet |
Brad Hill |
2011-11-08 |
|
ACTION-22![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Take a first cut. |
Brad Hill |
2011-11-08 |
|
ACTION-23![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Take a first cut at a use cases document for isolated addressable frames |
Brad Hill |
2011-11-08 |
|
ACTION-24![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Draft spec language for sandbox directive |
Adam Barth |
2011-11-29 |
|
ACTION-25![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Ping jrossi for feedback on policy-uri directive |
Brad Hill |
2011-11-08 |
|
ACTION-26![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Set up mercurial repo for tests and get a simple test for Adam |
Gopal Raghavan |
2011-11-29 |
|
ACTION-27![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Start discussion on issue 8 next week |
Adam Barth |
2011-11-29 |
|
ACTION-28![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Start discussion on issue 4 next week |
Adam Barth |
2011-11-29 |
|
ACTION-29![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Send out CfC for CORS advancement to Last Call to public-webappsec and public-webapps |
Brad Hill |
2011-12-13 |
|
ACTION-30![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Test |
Eric Rescorla |
2011-12-13 |
|
ACTION-31![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Edit Firefox compatible CSP/Workers interaction into document |
Adam Barth |
2011-12-13 |
|
ACTION-32![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Document object tag/HTML interaction (issue 8) as "should be syntax-oriented, not semantics-oriented" |
Brandon Sterne |
2011-12-13 |
|
ACTION-33![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Create VirtualBox image for test development |
Brad Hill |
2012-01-15 |
|
ACTION-34![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Go through document and check that "first found" policy is clear |
Eric Rescorla |
2012-01-11 |
|
ACTION-35![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add advice for server operators about combining policies |
Adam Barth |
2012-03-13 |
|
ACTION-36![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Copy clicking jacking info to wiki and email list |
David Huang |
2012-03-13 |
|
ACTION-37![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Email anne wrt proposed additions to security considerations for CORS re: confused deputy |
Brad Hill |
2012-01-10 |
|
ACTION-38![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Record that ISPs should not mess with CSP, and if you are worried about this, you should do HTTPS. |
Brandon Sterne |
2012-01-10 |
|
ACTION-39![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Incorporate Eric's Action 34 comments into the document |
Adam Barth |
2012-01-24 |
|
ACTION-40![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Modify the spec to say that img-src loads which fail due to CSP policy cause errors to be raised (ISSUE-9) |
Adam Barth |
2012-01-24 |
|
ACTION-41![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Update the spec per consensus on ISSUE 10 |
Adam Barth |
2012-01-24 |
|
ACTION-42![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Confirm on list that we are going to remove request headers (ISSUE 11) |
Adam Barth |
2012-01-24 |
|
ACTION-43![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
to ask list about URI fragment ids in CSP reports |
Brad Hill |
2012-01-24 |
|
ACTION-44![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Poll list on resolution to issue 12 "server should include the origin of the report and keep the original policy text intact, including self" |
Adam Barth |
2012-01-24 |
|
ACTION-45![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Reraise whether ISSUE #8 (see also action #18) has been closed with clear enough text |
Brad Hill |
2012-01-24 |
|
ACTION-46![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Update CORS Origin header behavior in case of HTTP redirect |
Anne van Kesteren |
2012-02-14 |
|
ACTION-47![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add this |
Adam Barth |
2012-02-21 |
|
ACTION-48![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add referrer field for reporting |
Adam Barth |
2012-02-21 |
|
ACTION-49![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Followup on list to http://lists.w3.org/Archives/Public/public-webappsec/2012Feb/0014.html |
Brad Hill |
2012-02-21 |
|
ACTION-50![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Start discussion on ISSUE 7 |
Adam Barth |
2012-02-21 |
|
ACTION-51![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Review CORS new sec cons language and provide editorial fixes |
Brad Hill |
2012-04-21 |
|
ACTION-52![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Email tlr to send CORS to LC |
Brad Hill |
2012-03-06 |
|
ACTION-53![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Do straw poll on the list about policy-uri for CSP 1.0/1.1 question |
Eric Rescorla |
2012-03-06 |
|
ACTION-54![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Find a new owner for action-35 |
Brad Hill |
2012-03-20 |
|
ACTION-55![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Put together F2F agenda proposal for list |
Brad Hill |
2012-03-20 |
|
ACTION-56![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Remove policy-uri directive |
Adam Barth |
2012-04-10 |
|
ACTION-57![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Cross-post proposal to HTTP and WebSec WG at IETF |
Adam Barth |
2012-04-17 |
|
ACTION-58![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Integrate jeffh comments int sec considerations in CORS |
Brad Hill |
2012-05-09 |
|
ACTION-59![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Create 1.1 impl by end of week |
Adam Barth |
2012-05-09 |
|
ACTION-60![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Write a message to the mailing list describing his proposal for how to handle URLs with paths (truncate to the origin) |
Daniel Veditz |
2012-05-09 |
|
ACTION-61![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Merge bhill's policy combination text into the CSP document |
Adam Barth |
2012-05-09 |
|
ACTION-62![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
400 reponse for EventSource causes infinite polling |
Brad Hill |
2012-05-10 |
|
ACTION-63![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
400 reponse for EventSource causes infinite polling |
Adam Barth |
2012-05-10 |
|
ACTION-64![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add day 2 minutes from face to face meeting |
Brad Hill |
2012-05-15 |
|
ACTION-65![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Put question out to the list. |
Brad Hill |
2012-05-15 |
|
ACTION-66![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add error handling behavior in 1.0 spec |
Adam Barth |
2012-05-15 |
|
ACTION-67![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add a description for how to handle content-type in CSP 1.1 - 06/30/2012 |
Adam Barth |
2012-07-17 |
|
ACTION-68![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Coordinate with Giorgi on a draft proposal - 07/2012 |
David Huang |
2012-05-15 |
|
ACTION-69![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Check on W3C process on referring to HTML5 |
Brad Hill |
2012-06-12 |
|
ACTION-70![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Review history of CORS comments from bhill/jeffh and make recommendations |
Adam Barth |
2012-07-03 |
|
ACTION-71![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Review history of CORS comments from bhill/member:jeffh and make recommendations |
Eric Rescorla |
2012-07-03 |
|
ACTION-72![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
To review history of CORS comments from bhill/member:jeffh and make recommendations |
Daniel Veditz |
2012-07-03 |
|
ACTION-73![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Start cross-IETF/W3C discussion on XFO/FO/UI Safety |
Brad Hill |
2012-07-10 |
|
ACTION-74![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
check with W3C contact re: mailing list issues and delivery |
Brad Hill |
2012-07-24 |
|
ACTION-75![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Liason with DeviceAPI group re: CSP as policy framework for mobile least privilege |
Brad Hill |
2012-07-24 |
|
ACTION-76![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Are any features of CORS at-risk due to only one implementation? |
Gopal Raghavan |
2012-09-04 |
|
ACTION-77![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Set up ccarson as CORS editor |
Brad Hill |
2012-09-04 |
|
ACTION-78![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Issue CfC for CSP 1.0 to CR, Call for Impls |
Brad Hill |
2012-09-04 |
|
ACTION-79![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Issue CfC for CORS to CR, Call for Impls |
Brad Hill |
2012-09-04 |
|
ACTION-80![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Invite Tobias Gondrom as Invited Expert for frame-options work |
Brad Hill |
2012-09-18 |
|
ACTION-81![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Incorporate editorial suggestions in ISSUE-16 |
Adam Barth |
2012-09-18 |
|
ACTION-82![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Respond to ingo chao on official WG position re: csp policies for add-on modifications to resources |
Brad Hill |
2012-11-08 |
|
ACTION-83![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Update port numbers on apache for test vm; 80-83 |
Brad Hill |
2013-02-26 |
|
ACTION-84![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Create acceptance tests for section 5 |
Gopal Raghavan |
2012-11-08 |
|
ACTION-85![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Create acceptance tests for section 6 |
Gopal Raghavan |
2012-11-08 |
|
ACTION-86![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Create acceptance tests for section 7 |
Gopal Raghavan |
2012-11-08 |
|
ACTION-87![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Fix transient CORS test failures due to caching behavior |
Odin Hørthe Omdal |
2012-11-08 |
|
ACTION-88![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Talk to annevk and clarify UA behavior on section 6.2 if resource asks for credentials and gives * to preflight |
Brad Hill |
2012-11-08 |
|
ACTION-89![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Rewrite abnf production of frame-options to have deny alternating with top-only and ancestor versions |
Brad Hill |
2012-11-08 |
|
ACTION-90![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Sync up with David Ross and Eric Lawrence on XFO justification for ALLOW-FROM single origin restriction |
Brad Hill |
2012-11-08 |
|
ACTION-91![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Propose testing day as part of joint HTML/WebApps/WebAppSec F2F in silicon valley to list |
Brad Hill |
2012-11-09 |
|
ACTION-92![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Propose spec text to resolve ISSUE-32 |
Daniel Veditz |
2012-11-09 |
ISSUE-32 |
ACTION-93![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Query list if any use cases for reportURIs script interface |
Mike West |
2012-11-09 |
|
ACTION-94![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add specificity to CSP 1.1 draft that script access queries ONLY state of CSP, not general reachability of URLs by configured browser context |
Mike West |
2012-11-09 |
|
ACTION-95![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Correct "font-src" typo in the form-action text of CSP 1.1 |
Mike West |
2012-11-09 |
|
ACTION-96![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add note clarifying that form-action is not subject to default-src fallback |
Mike West |
2012-11-09 |
|
ACTION-97![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Propose spec language for policy-uri directive |
Daniel Veditz |
2013-05-25 |
|
ACTION-98![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Propose spec text for experimental jsonp-src jsonp-sink directives |
Brad Hill |
2012-11-09 |
|
ACTION-99![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Fold X-XSS-Protection into CSP 1.1. |
Mike West |
2012-11-24 |
|
ACTION-100![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
get Zakim back in sync with time of call |
Brad Hill |
2012-11-27 |
|
ACTION-101![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Follow up with Mike Smith at w3c on test server config, re: Options headers, etc. |
Brad Hill |
2013-02-26 |
|
ACTION-102![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Write up strawman for event on violation of CSP, coordinate w/dveditz |
Mike West |
2012-12-11 |
|
ACTION-103![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Follow up on http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0096.html and solicit new proposals, suggest unsafe attribute |
Brad Hill |
2012-12-11 |
|
ACTION-104![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Follow up with Goog A11Y and UI teams on disabling browser features (UISafety obstruction check) for A11Y compatibility |
Adam Barth |
2013-01-29 |
|
ACTION-105![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Change short name from UI Safety to UI Security on next WD publication |
Brad Hill |
2013-02-27 |
|
ACTION-106![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add some non-normative examples of how multiple headers/meta tags interact to tighten the effective policy. |
Mike West |
2013-01-05 |
|
ACTION-107![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Investigate assistive technologies use of real or synthetic events |
Brad Hill |
2013-01-22 |
ISSUE-21 |
ACTION-108![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
to query list on whether default UI Security hueristic behavior should be block or report |
Brad Hill |
2013-01-22 |
ISSUE-20 |
ACTION-109![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add spec language to CSP 1.1 regarding certain directives not honored in META |
Daniel Veditz |
2013-05-25 |
ISSUE-26 |
ACTION-110![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Clarify that frame-options not allowed in META, reference relative to CSP 1.1 spec |
Brad Hill |
2013-01-22 |
ISSUE-25 |
ACTION-111![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Provide guidance on efficient enforcment of display-time |
Giorgio Maone |
2013-01-22 |
ISSUE-27 |
ACTION-112![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Raise issue 29 on public-webappsec list for further discussion |
Giorgio Maone |
2013-01-22 |
ISSUE-29 |
ACTION-113![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Chase specs and references for URL/URI definition used in CSP 1.1 |
Adam Barth |
2013-01-22 |
ISSUE-31 |
ACTION-114![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Assign actions for issues 34, 35, 36, 37, 38, 39 to abarth |
Brad Hill |
2013-01-22 |
|
ACTION-116![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Update CSP 1.1 spec to indicate violation type for default-src violations |
Mike West |
2013-02-05 |
|
ACTION-117![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Mention HSTS in implementation note as a reason things might stop working |
Mike West |
2013-02-05 |
|
ACTION-118![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Email list on UISecurity issue 2 - multiple values for Frame-Options ALLOW FROM |
Brad Hill |
2013-02-05 |
|
ACTION-119![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Update CSP 1.1 to indicate line number reports for in-line scripts |
Mike West |
2013-02-05 |
|
ACTION-120![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Propose language to spec to explain how custom elements are handled (see issue 43) |
Adam Barth |
2013-02-19 |
|
ACTION-121![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Email the list with the generic src-nonce proposal (i.e., not specifically for each thing that could be srced) |
Mike West |
2013-05-07 |
|
ACTION-122![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Remove obsolete language for XFO in UI Security draft |
Brad Hill |
2013-03-05 |
|
ACTION-123![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Bring the CORS 2xx issue up on list and specifically with Anne |
Brad Hill |
2013-04-02 |
|
ACTION-124![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Create test cases for CORS and 2xx, 4xx, 5xx status codes |
Brad Hill |
2013-04-02 |
|
ACTION-125![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Investigate WHATWG spec text vs RFC 3986 for normalization in CSP |
Mike West |
2013-04-02 |
|
ACTION-126![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Propose urlencoded mime type solution for cross-origin JSON to list |
Brad Hill |
2013-04-02 |
|
ACTION-127![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add one-way mutability to policy points exposed in script interface |
Mike West |
2013-11-05 |
|
ACTION-128![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Raise intersection of meta and header policies on list |
Brad Hill |
2013-05-02 |
CSP Level 2 |
ACTION-129![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Research and propose spec text for applying plugin-types to iframes |
Adam Barth |
2013-05-25 |
CSP Level 2 |
ACTION-130![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Draft text on referer control policy |
Mike West |
2013-05-25 |
CSP Level 2 |
ACTION-131![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Write a problem statement exploring the space of mixed content specifications |
Brad Hill |
2013-05-02 |
|
ACTION-132![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Write a problem statement exploring the space of HTML templating / safe HTML |
Brad Hill |
2013-05-02 |
|
ACTION-133![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
better specify XPath reporting in UI Security |
Brad Hill |
2013-05-07 |
UI Security |
ACTION-134![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
report dependencies on event types |
Brad Hill |
2013-05-25 |
UI Security |
ACTION-135![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Promote the security model documentation project |
Thomas Roessler |
2013-05-03 |
|
ACTION-136![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Issue CfC to list on new WD publication of CSP 1.1 |
Adam Barth |
2013-05-14 |
|
ACTION-137![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Query list whether CORS HTTP auth should re-open spec |
Brad Hill |
2013-05-14 |
|
ACTION-138![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Update csp report content-type to application/csp-report or similar |
Adam Barth |
2013-05-14 |
|
ACTION-139![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add HTTP response code to reports in CSP 1.1 |
Adam Barth |
2013-06-11 |
|
ACTION-140![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add text addressing https://www.w3.org/Bugs/Public/show_bug.cgi?id=22256 |
Adam Barth |
2013-06-11 |
|
ACTION-142![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Email bhill, ekr, and tobie re github setup |
Wendy Seltzer |
2013-06-11 |
|
ACTION-143![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
CSP Level 2: change error handling behavior for loading blocked resources |
Mike West |
2014-07-31 |
CSP Level 2 |
ACTION-145![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Update nonce-value directive to allow b64, b64url chars, specify minimum length of 1 |
Adam Barth |
2013-07-09 |
|
ACTION-146![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Respond to list, propose setting worker policy from header rather than inheriting it |
Daniel Veditz |
2013-07-09 |
|
ACTION-147![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Propose updated hash source text to list addressing http://lists.w3.org/Archives/Public/public-webappsec/2013Jul/0004.html |
Neil Matatall |
2013-07-23 |
|
ACTION-148![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Get patent release on referer control proposal from lafs authors |
Brad Hill |
2013-08-20 |
|
ACTION-149![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Document proposal of simply excluding blob:, data:, etc from matching * everywhere, no explicit tie to unsafe-eval |
Daniel Veditz |
2013-10-22 |
|
ACTION-150![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Post a cfc to the list on closing the csp 1.1 feature set |
Brad Hill |
2013-09-17 |
|
ACTION-151![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
to provide text to list about interaction btwn extensions and csp is |
Mike West |
2013-11-05 |
|
ACTION-152![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
CSP 2: Update csp to make unsafe-inline, unsafe-eval universal constructs |
Mike West |
2014-07-31 |
CSP Level 2 |
ACTION-153![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Propose more precise text for child-src directive idea |
Brad Hill |
2014-08-26 |
CSP Level 3 |
ACTION-154![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Propose more precise language for directives for shared worker |
Brad Hill |
2013-11-26 |
|
ACTION-157![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Cancel dec 31st call |
Brad Hill |
2013-12-10 |
|
ACTION-158![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Raise frame-options vs. frame-ancestors name on ietf websec list |
Brad Hill |
2013-12-10 |
|
ACTION-159![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Respond to list re: consensus that applying hash/nonce to inline handlers not desired as a 1.1 feature |
Neil Matatall |
2013-12-24 |
|
ACTION-160![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Reply to jonas sicking on list re: cascade of style-src to font-src |
Brad Hill |
2013-12-24 |
|
ACTION-161![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Abandon cfc on uisecurity to lcwd for now |
Brad Hill |
2013-12-24 |
|
ACTION-162![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Propose to list text on form-action vs. connect-src re: sending data vs. receiving it |
Brad Hill |
2014-02-05 |
|
ACTION-163![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Give language on how frame-ancestors interacts with xfo |
Brad Hill |
2014-02-05 |
|
ACTION-165![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Open sri issues in tracker from spec text |
Brad Hill |
2014-03-19 |
|
ACTION-168![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Raise to the list handling of csp associated with installed apps as possible spec note |
Brad Hill |
2014-04-16 |
CSP Level 2 |
ACTION-170![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Arrange some joint meeting time with svg wg |
Brad Hill |
2014-04-30 |
|
ACTION-171![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Propose text to list on issue-58 |
Brad Hill |
2014-04-30 |
CSP Level 2 |
ACTION-173![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Talk with plh about fetch and csp, invite conversation with webappsec |
Wendy Seltzer |
2014-05-14 |
|
ACTION-174![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Raise frame-ancestors/fetch/neterror on list |
Mike West |
2014-11-03 |
CSP Level 2 |
ACTION-175![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Post tpac dates to list for next f2f |
Brad Hill |
2014-05-14 |
|
ACTION-176![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Post a redux and cfc on options for resolving the redirects/paths/reporting issue in csp 1.1 |
Brad Hill |
2014-06-11 |
|
ACTION-177![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Send a cfc to adopt mixed content draft as a wg product |
Brad Hill |
2014-06-25 |
|
ACTION-178![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Update csp 1.0 extensions language for pr to match 1.1 lcwd text |
Brad Hill |
2014-11-25 |
CSP Level 1 |
ACTION-179![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Investigate duration of lc for csp 1.1 |
Brad Hill |
2014-06-25 |
|
ACTION-180![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Document that user-set prefs regarding referrers override csp-set policies |
Mike West |
2014-06-25 |
|
ACTION-183![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add language that user-agent may decline to send reports for priority of constituency reasons and still be conforming |
Mike West |
2014-07-09 |
CSP Level 2 |
ACTION-184![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Make sure the spec says frame-ancestors uses the origin rather than the url |
Mike West |
2014-07-23 |
CSP Level 2 |
ACTION-185![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Make sure that frame-ancestors is relative to origin, not url and without path components |
Brad Hill |
2014-07-23 |
CSP Level 2 |
ACTION-187![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Reconsider call time |
Brad Hill |
2014-09-17 |
|
ACTION-191![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Inconsistency in source hash description |
Mike West |
2014-11-03 |
CSP Level 2 |
ACTION-193![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Respond to Brian Smith on referrer-policy |
Brad Hill |
2014-11-03 |
|
ACTION-194![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Respond to Hatter Jiang on 401 attach |
Brad Hill |
2014-11-03 |
CSP Level 2 |
ACTION-195![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Respond to Hatter Jiang on JSONP directives - under consideration for v.Next |
Brad Hill |
2014-11-03 |
|
ACTION-196![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Remove intranet/internet section from Mixed Content spec |
Mike West |
2014-11-03 |
Mixed Content |
ACTION-197![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Schedule an ad-hoc at TPAC 2014 (+wseltzer, +plh, +robin, +tbl?) |
Brad Hill |
2014-10-28 |
|
ACTION-201![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Add permissions api to draft charter |
Brad Hill |
2014-11-24 |
|
ACTION-202![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Issue cfc on new draft charter |
Brad Hill |
2014-11-24 |
|
ACTION-203![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Raise issue for sri large object /streaming integrity |
Brad Hill |
2014-11-24 |
|
ACTION-208![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Take charter to w3m for review |
Wendy Seltzer |
2014-12-22 |
|
ACTION-214![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Ask mozilla ac rep about the current status of their charter objections |
Wendy Seltzer |
2015-03-02 |
|
ACTION-216![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Examine fetch refs for stability |
Wendy Seltzer |
2016-04-27 |
|
ACTION-217![(edit)](/2002/09/wbs/icons/stock_edit2) |
closed |
Ask tag for feedback on secure contexts |
Wendy Seltzer |
2016-05-23 |
|