[Webkit-unassigned] [Bug 94836] Support for X-Frame-Options: Allow-From [uri]
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Apr 16 21:44:19 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=94836
--- Comment #10 from Brady Eidson <beidson at apple.com> 2013-04-16 21:42:36 PST ---
(In reply to comment #9)
> (In reply to comment #8)
> > In radar as <rdar://problem/13658368>
> >
> > I'll try to take a look at this patch soon.
>
> You should be aware that this feature is controversial in the W3C WebAppSec working group. Before implementing it, you might want to confer with the working group.
Interesting.
We were looking at it because it's been in the IETF draft for some time (http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-01) and has utility we're interested in.
I'm failing at finding relevant threads in the webappsec archives that demonstrate this controversy. Have any pointers?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list