Security/Features: Difference between revisions

Security/Features (view source)

Revision as of 17:34, 15 July 2009

70 bytes removed , 15 July 2009

m

→‎Origin Header / Sec-From

Sidstamm

canmove, Confirmed users

1,537

edits

@@ Line 49: / Line 49: @@
 Beginning as an [[Security/Origin]] header that aimed to prevent clickjacking as well as CSRF and JSON data theft, this feature has evolved into [[Security/Sec-From]] that will not prevent clickjacking, but can be compatible with various other specifications for similar HTTP request headers.
-=== Design ===
+'''Design''': Done (6/18/2009)
-'''Status''': Done (6/18/2009)
 Discussion over the behavior and uses of Sec-From has been ongoing, but has merged with the Internet Draft spec proposed by Adam Barth et. al [http://webblaze.cs.berkeley.edu/2009/origin/origin.txt].
@@ Line 56: / Line 55: @@
 Header is also mentioned in HTML 5 [http://www.w3.org/TR/cors/#origin-header].
-==== Goals ====
+''Goals'':
 * Provide a reliably present "referrer" that
 ** has minimal potential for privacy leak
@@ Line 63: / Line 62: @@
 * aid in preventing JSON data theft
-=== Discussion ===
+'''Discussion''': In Progress
-'''Status''': ?
 We've synced up with Adam Barth and settled on a design.  He is working with the CORS folks to see if his proposal can be unified with the Origin header they send.
@@ Line 71: / Line 69: @@
-=== Review and Standardization ===
+'''Review and Standardization''': In Progress.  ETA: ?
-'''Status''': In Progress.  ETA: ?
-=== Prototype ===
+'''Prototype''': Not Started.  ETA: Q4 2009
-'''Status''': Not Started.  ETA: Q4 2009
-=== Implementation ===
+'''Implementation''': Not Started.  ETA: ?
-'''Status''': Not Started.  ETA: ?
 == Content Security Policy ==

Security/Features: Difference between revisions

Security/Features (view source)

Revision as of 17:34, 15 July 2009

Navigation menu

Search