[Webkit-unassigned] [Bug 94836] Support for X-Frame-Options: Allow-From [uri]

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 25 06:43:59 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=94836


Adam Hooper <adam at adamhooper.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adam at adamhooper.com




--- Comment #13 from Adam Hooper <adam at adamhooper.com>  2014-06-25 06:44:17 PST ---
Has the standards process stalled here?

In October 2013, IETF published http://tools.ietf.org/html/rfc7034 (informative) related to X-Frame-Options.

Meanwhile, the CSP working draft shows nothing but a TODO: https://dvcs.w3.org/hg/content-security-policy/raw-file/5b353a8ac072/csp-specification.dev.html#frame-options--experimental

Allow-From solves a real problem. Because WebKit ignores it, websites can be forced to abandon X-Frame-Options altogether. Given there's an RFC on the topic, could we please have Allow-From?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list