public-webappsec
Discussion of web application security.
[SRI] require-sri-for: missing integrity metadata? same-origin loads?
created by Frederik Braun a day ago (updated 6 hours ago)
CSP: Embedded Enforcement
created by Mike West 20 hours ago (updated 8 hours ago)
'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP)
created by Mike West 2 days ago (updated 18 hours ago)
[SRI] reporting (Was: [SRI] require-sri-for syntax and additional SRI/CSP interaction
created by Frederik Braun 20 hours ago (updated 19 hours ago)
[SRI] require-sri-for syntax and additional SRI/CSP interaction
created by Frederik Braun a day ago (updated 20 hours ago)
Quoted Referrer-Policy values
created by Emily Stark (Dunn) 10 days ago (updated a day ago)
Workshop on Web Application Security 2016 Stanford University, Sep. 9, 2016
created by Hodges, Jeff a day ago
On the Insecurity of Whitelists and the Future of CSP
created by Hodges, Jeff 3 days ago (updated a day ago)
[webappsec] Draft agenda for tomorrow's teleconference
created by Hill, Brad 4 years ago (updated 3 days ago)
CORS-safelisted request headers should be restricted according to RFC 7231
created by John Wilander 3 days ago
Re: [suborigins] The origin relationship to suborigins
created by Joel Weinberger 3 days ago
CfC: Transition "Secure Contexts" to CR; deadline August 2nd.
created by Mike West 2 months ago (updated 10 days ago)
permissions.request() and publishing a new Permissions WD
created by Jeffrey Yasskin 15 days ago (updated 11 days ago)
Securing the security reviews in W3C - how to proceed ?
created by GALINDO Virginie 2 months ago (updated 16 days ago)
[webappsec] Teleconference for 24-Aug tentatively cancelled
created by Brad Hill 17 days ago
Permissions store
created by Anne van Kesteren a month ago (updated 23 days ago)
WebAuthn API Specification Review
created by Anthony Nadalin 24 days ago
Proposal: Marking HTTP As Non-Secure
created by Chris Palmer 2 years ago (updated 25 days ago)
Iframes and credit card security
created by Craig Francis a month ago (updated 25 days ago)
[webappsec] Teleconference Agenda: 10-Aug-2016 09:00 PDT
created by Daniel Veditz a month ago
Native Messaging - Browser implementation status report
created by Anders Rundgren a month ago
Call for Exclusions: Mixed Content
created by Coralie Mercier 2 years ago (updated a month ago)
[Proposal]: Set origin-wide policies via a manifest.
created by Mike West a month ago
tomorrow's teleconference CANCELLED
created by Brad Hill 4 months ago (updated a month ago)
CfC: Republish "Mixed Content" as CR; deadline July 27th.
created by Mike West 2 months ago
Changing window.name behavior
created by John Wilander 2 months ago
Call for Consensus: Stop work and transition 3 Working Drafts to Working Group Notes
created by Brad Hill 2 months ago
onload / onerror for <link rel="prefetch">
created by Richard Barnes 2 months ago
The US 9th Circuit Court ruled that using someone else's password with their permission but without the permission of the site owner is a federal crime.
created by Jeffrey Walton 2 months ago
Referrer Policy issues + Chrome implementation status
created by Emily Stark (Dunn) 2 months ago
Regrets (Re: [webappsec] Teleconference Agenda: 13-Jul-2016 at 9:00 AM PDT)
created by Giorgio Maone 2 months ago
Re: [UPGRADE] upgrade-insecure-request-with-fallback
created by Peter Eckersley 3 months ago (updated 2 months ago)
[webappsec] Teleconference Agenda: 13-Jul-2016 at 9:00 AM PDT
created by Brad Hill 2 months ago
[webappsec] Call for Agenda Items: 13-Jul-2016
created by Brad Hill 2 months ago
Accessing the same CORS-Resource from multiple sites
created by Reto Gmür 2 months ago
[REFERRER] Combining referrer policies
created by Ryan Townsend 2 months ago
[webappsec] Tomorrow's teleconference CANCELLED
created by Hill, Brad 3 years ago (updated 2 months ago)
Fwd: Subresource Integrity (SRI) is now a W3C Recommendation
created by Daniel Veditz 3 months ago
CORS restrictions on preflight (too) strict?
created by Ruben Verborgh 3 months ago
[suborigins] Understanding the syntax
created by chloe 3 months ago