On 15/08/13 04:21, Pete Resnick wrote:
> On 8/14/13 5:15 PM, Barry Leiba wrote:
>>> Why is this document not on the standards track?
>>>
>> Because it's not anything we want to tell people to start implementing
>> now. We want them to move toward the work we transferred over to
>> W3C's WebAppSec group instead.
>>
>
> It's probably worth having a line to that effect somewhere in the
> document.
>
> pr
>

We do have a respective text in the introduction:

"This specification provides informational documentation about the current use and definition of the X-Frame-Options HTTP header field. As described in Section 2.3.2.2 not all browsers implement X-Frame-Options exactly in the same way, which can lead to unintended results. And given that the "X-" construction is deprecated [RFC6648], the X-Frame-Options header field will in the future be replaced by the Frame-Options directive in the Content Security Policy Version 1.1 [CSP-1-1]"

Best regards,
Tobias
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
