| Line 46: | Line 46: | ||
'''Design''': Done (6/18/2009) | '''Design''': Done (6/18/2009) | ||
Discussion over the behavior and uses of Sec-From has been ongoing. | |||
Tasks: | |||
* {{done|Write up an informal spec}} [[Security/Origin]] | |||
* {{done|Unify spec with Adam Barth's Internet Draft}} [http://webblaze.cs.berkeley.edu/2009/origin/origin.txt]. | |||
* {{ok|Unify with CORS "Origin" or pick a new header name to avoid incompatibility.}} Reworked as [[Security/Sec-From]]. | |||
Such an "Origin" header is also mentioned in HTML 5 [http://www.w3.org/TR/cors/#origin-header]. | |||
''Goals'': | ''Goals'': | ||
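Review bot: the sentence 'Such an "Origin" header is also mentioned in HTML 5' cites http://www.w3.org/TR/cors/#origin-header, which is a CORS specification URL, so the link text and the target disagree. Either name CORS as the source in the sentence or link the HTML 5 text that mentions the header. This matters because the task directly above is about unifying with, or renaming away from, the CORS "Origin" header. In the same list, the period after {{done|Unify spec with Adam Barth's Internet Draft}} [...] sits after the external link while the neighbouring items end without one.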
| Line 63: | Line 67: | ||
; http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0057.html : discussion about renaming from "Origin" | ; http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0057.html : discussion about renaming from "Origin" | ||
Tasks: | |||
* {{done|Settle on a design.}} [[Security/Sec-From]] | |||
* {{new|Initiate public discussion on newsgroups and other public forums}} | |||
'''Review and Standardization''': In Progress. ETA: ? | '''Review and Standardization''': In Progress. ETA: ? | ||
Tasks: | |||
* {{ok|Find appropriate standards body to review this feature}}. | |||
* {{new|Submit to standards body.}} [[Security/Sec-From]] | |||
'''Prototype''': Not Started. ETA: Q4 2009 | '''Prototype''': Not Started. ETA: Q4 2009 | ||
Tasks: | |||
* {{new|create add-on that appropriately serves this header.}} | |||
* {{new|create test suite that verifies values and presence of the header.}} | |||
'''Implementation''': Not Started. ETA: ? | '''Implementation''': Not Started. ETA: ? | ||
Tasks: | |||
* {{new|patch mozilla-central}} | |||
* {{new|convert prototype test suite to automated tests}} | |||
== Content Security Policy == | == Content Security Policy == | ||
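Review bot: the task lists added under Review and Standardization, Prototype and Implementation are inconsistent in style. {{ok|Find appropriate standards body to review this feature}}. puts the period outside the template while {{new|Submit to standards body.}} puts it inside, and the Prototype and Implementation items start lowercase ("create add-on", "patch mozilla-central") where the earlier items are capitalized. Pick one convention for the whole list. Also, "Submit to standards body" links to [[Security/Sec-From]] without saying which body, while the item above it is still only {{ok}}; note the dependency or leave the link off until a body is chosen.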