- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 29 Oct 2018 17:00:14 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1gHAti-0002Dn-3e@uranus.w3.org>

Issues
------
* w3c/webappsec (+1/-0/💬1)
  1 issues created:
  - Report Iframe nesting level instead of using frame-ancestors directive (by moonyowl)
    https://github.com/w3c/webappsec/issues/537

  1 issues received 1 new comments:
  - #537 Report Iframe nesting level instead of using frame-ancestors directive (1 by annevk)
    https://github.com/w3c/webappsec/issues/537

* w3c/webappsec-csp (+0/-2/💬41)
  4 issues received 41 new comments:
  - #8 CSP: form-action and redirects (32 by Changaco, ptoomey3, annevk, andypaicu, iquito, ThrawnCA)
    https://github.com/w3c/webappsec-csp/issues/8 [CSP]
  - #320 CSP violation report should not use redirect-mode: "error" (5 by annevk, yutakahirano)
    https://github.com/w3c/webappsec-csp/issues/320
  - #212 Inline style bits are very unclear (3 by andypaicu, bzbarsky)
    https://github.com/w3c/webappsec-csp/issues/212
  - #161 Specify browser behavior for CSP headers on 304 (not modified) responses (1 by andypaicu)
    https://github.com/w3c/webappsec-csp/issues/161

  2 issues closed:
  - Specify browser behavior for CSP headers on 304 (not modified) responses
    https://github.com/w3c/webappsec-csp/issues/161
  - Add a note about 'strict-dynamic' allowing injections into non-parser-inserted script URIs to be exploitable
    https://github.com/w3c/webappsec-csp/issues/97

* w3c/webappsec-credential-management (+1/-0/💬5)
  1 issues created:
  - create-a-cred and request-a-cred ought to return only a cred or error (by equalsJeffH)
    https://github.com/w3c/webappsec-credential-management/issues/129

  2 issues received 5 new comments:
  - #128 copy (aka snapshot) any buffersources in options before going async (4 by jcjones, equalsJeffH, annevk)
    https://github.com/w3c/webappsec-credential-management/issues/128
  - #129 create-a-cred and request-a-cred ought to return only a cred or error (1 by equalsJeffH)
    https://github.com/w3c/webappsec-credential-management/issues/129

* w3c/webappsec-referrer-policy (+0/-1/💬7)
  4 issues received 7 new comments:
  - #74 noreferrer isn't integrated with <link> (3 by jeisinger, domenic)
    https://github.com/w3c/webappsec-referrer-policy/issues/74
  - #111 Should JavaScript module imports respect referrer policy, and if so, how? (2 by domfarolino, domenic)
    https://github.com/w3c/webappsec-referrer-policy/issues/111
  - #115 Redesign of "extract header list values" expected (1 by mikewest)
    https://github.com/w3c/webappsec-referrer-policy/issues/115
  - #108 Referrer policy of referencing in SVG? (1 by jeisinger)
    https://github.com/w3c/webappsec-referrer-policy/issues/108

  1 issues closed:
  - noreferrer isn't integrated with <link>
    https://github.com/w3c/webappsec-referrer-policy/issues/74

* w3c/webappsec-clear-site-data (+2/-0/💬6)
  2 issues created:
  - Clear Cache API caches (by inexorabletash)
    https://github.com/w3c/webappsec-clear-site-data/issues/53
  - Define the behavior for third-party cookie blocking. (by mikewest)
    https://github.com/w3c/webappsec-clear-site-data/issues/52

  3 issues received 6 new comments:
  - #23 Rename "executionContexts" (3 by annevk, mikewest, domenic)
    https://github.com/w3c/webappsec-clear-site-data/issues/23
  - #52 Define the behavior for third-party cookie blocking. (2 by ericlaw1979, msramek)
    https://github.com/w3c/webappsec-clear-site-data/issues/52
  - #53 Clear Cache API caches (1 by inexorabletash)
    https://github.com/w3c/webappsec-clear-site-data/issues/53

* w3c/webappsec-cspee (+1/-0/💬1)
  1 issues created:
  - Sites should be able to specify a default required CSP (by michael-oneill)
    https://github.com/w3c/webappsec-cspee/issues/8

  1 issues received 1 new comments:
  - #8 Sites should be able to specify a default required CSP (1 by michael-oneill)
    https://github.com/w3c/webappsec-cspee/issues/8

Pull requests
-------------
* w3c/webappsec-csp (+2/-1/💬4)
  2 pull requests submitted:
  - Added a note about fetch redirects being covered (by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/359
  - Inherit source browsing context's CSP instead of parent/opener (by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/358

  3 pull requests received 4 new comments:
  - #358 Inherit source browsing context's CSP instead of parent/opener (2 by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/358
  - #356 Added more notes about nonce attacks (1 by arturjanc)
    https://github.com/w3c/webappsec-csp/pull/356
  - #357 Added note in 'strict-dynamic' section to alert developers around potential avenues of attack (1 by arturjanc)
    https://github.com/w3c/webappsec-csp/pull/357

  1 pull requests merged:
  - Added note in 'strict-dynamic' section to alert developers around potential avenues of attack
    https://github.com/w3c/webappsec-csp/pull/357

* w3c/webappsec-credential-management (+1/-0/💬1)
  1 pull requests submitted:
  - fix issue #128 copy buffer sources (by equalsJeffH)
    https://github.com/w3c/webappsec-credential-management/pull/130

  1 pull requests received 1 new comments:
  - #100 issue 92 accessing settings object: add passing global and queue task invoke callback (1 by mikewest)
    https://github.com/w3c/webappsec-credential-management/pull/100

* w3c/webappsec-referrer-policy (+1/-1/💬0)
  1 pull requests submitted:
  - rel="noreferrer" is not supported for <link> elements (by jeisinger)
    https://github.com/w3c/webappsec-referrer-policy/pull/117

  1 pull requests merged:
  - rel="noreferrer" is not supported for <link> elements
    https://github.com/w3c/webappsec-referrer-policy/pull/117

Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee

Received on Monday, 29 October 2018 17:00:15 UTC