[Webkit-unassigned] [Bug 94836] Support for X-Frame-Options: Allow-From [uri]
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jun 25 06:43:59 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=94836
Adam Hooper <adam at adamhooper.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |adam at adamhooper.com
--- Comment #13 from Adam Hooper <adam at adamhooper.com> 2014-06-25 06:44:17 PST ---
Has the standards process stalled here?
In October 2013, IETF published http://tools.ietf.org/html/rfc7034 (informative) related to X-Frame-Options.
Meanwhile, the CSP working draft shows nothing but a TODO: https://dvcs.w3.org/hg/content-security-policy/raw-file/5b353a8ac072/csp-specification.dev.html#frame-options--experimental
Allow-From solves a real problem. Because WebKit ignores it, websites can be forced to abandon X-Frame-Options altogether. Given there's an RFC on the topic, could we please have Allow-From?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list