Websec folks,

Last year, this group agreed to abandon plans for a "Frame-Options" header (minus the X-) and move that functionality over into Content Security Policy. (it currently resides in the UI Security Directives, latest editors' draft at: https://dvcs.w3.org/hg/user-interface-safety/raw-file/tip/user-interface-safety.html )

In that group, we have decided to remove the "check top only" behavior and go forward with a model that always requires a full ancestor walk. In light of that, there is a suggestion to rename the directive from 'frame-options' to 'frame-ancestors'.

We have no objections over in WebAppSec to this change (it's actually what early implementations by Mozilla used) but we wanted to check over here.

Are there any strong objections to naming the new directive 'frame-ancestors'?

I'll watch for replies here, but as always, feel free to join in on [email protected], too.

Thanks,

Brad Hill
WebAppSec WG co-chair
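The difference between the "check top only" behavior and a full ancestor walk, sketched as an added example that is not part of the original message or of the draft. The origins, source list and function names are constructed, and source matching is reduced to 'none', 'self' and exact origins as a simplifying assumption.

```javascript
// Added illustration; not code from the UI Security Directives draft or any browser.
// Source matching is simplified to 'none', 'self' and exact origins (assumption).

// Normalise a URL to its origin, e.g. "https://a.example/x" -> "https://a.example".
function originOf(url) {
  return new URL(url).origin;
}

// Does one ancestor origin match the directive's source list?
function matchesSourceList(ancestorOrigin, sources, selfOrigin) {
  return sources.some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") return ancestorOrigin === selfOrigin;
    return originOf(src) === ancestorOrigin;
  });
}

// "Check top only": look at the top-level browsing context and nothing else.
function allowTopOnly(ancestors, sources, selfUrl) {
  if (ancestors.length === 0) return true; // not framed at all
  const top = ancestors[ancestors.length - 1];
  return matchesSourceList(originOf(top), sources, originOf(selfUrl));
}

// Full ancestor walk: every ancestor, from the parent up to the top, must match.
function allowAncestorWalk(ancestors, sources, selfUrl) {
  const self = originOf(selfUrl);
  return ancestors.every((a) => matchesSourceList(originOf(a), sources, self));
}

// Constructed sample: each chain lists the parent first and the top-level page last.
const PAGE = "https://bank.example/transfer";
const SOURCES = ["'self'", "https://portal.example"];
const CHAINS = {
  direct: ["https://portal.example/home"],
  nested: ["https://widgets.example/frame", "https://portal.example/home"],
  sameSite: ["https://bank.example/dashboard"],
};

function evaluate(chain) {
  return {
    topOnly: allowTopOnly(chain, SOURCES, PAGE),
    ancestorWalk: allowAncestorWalk(chain, SOURCES, PAGE),
  };
}

for (const [name, chain] of Object.entries(CHAINS)) {
  console.log(name, evaluate(chain));
}
```

The `nested` chain is the case the two models disagree on: the top-level page is on the source list, but the intermediate frame is not, so only the ancestor walk refuses it.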
