Apply the following changes to selected action items:

There are 222 actions.

ID State Title Person Due Date Associated with
ACTION-1 (edit) closed Find an appropriate way to make available to the Web App Sec working group Brad Hill 2011-11-07
ACTION-2 (edit) closed Get brandon CVS access. Brad Hill 2011-11-07
ACTION-3 (edit) closed Move CSP to CVS from Mercurial. Brandon Sterne 2011-11-07
ACTION-4 (edit) closed Seek out all old CSP drafts and point them to the new verison Brandon Sterne 2011-11-07
ACTION-5 (edit) closed Set up a doodle for selecting a time for calls Eric Rescorla 2011-11-07
ACTION-6 (edit) closed Set up testing mailing list Brad Hill 2011-11-07
ACTION-7 (edit) closed Set up mecurial repo for test cases Brad Hill 2011-11-07
ACTION-8 (edit) closed Coordinate with phillipe or mike @ w3c on testing infrastructure Brad Hill 2011-11-07
ACTION-9 (edit) closed Document interactions between CORS and caching / vary header and best practices Adam Barth 2011-12-13
ACTION-10 (edit) closed Invite mark miller and tyler close to join WG, comment on UMP Brad Hill 2011-11-07
ACTION-11 (edit) closed Document content-type header values that influence determination of simple / non-simple CORS request type Adam Barth 2011-12-20
ACTION-12 (edit) closed Document lack of critical semantics on policy directives, behavior on unknown extensions or new directives Adam Barth 2011-11-07
ACTION-13 (edit) closed Create a wiki page for soft registrations of directives people are experimenting with Adam Barth 2011-11-07
ACTION-14 (edit) closed Remove proposed directives and make any urgent editorial by COB tomorrow. Brandon Sterne 2011-11-07
ACTION-15 (edit) closed And bhill2 to issue a call for comments before an FPWD to last one week tomorrow COB Eric Rescorla 2011-11-07
ACTION-16 (edit) closed Update the milestones with dates he feels comfortable with Anne van Kesteren 2011-12-13
ACTION-17 (edit) closed Add 1.1 as an item on the WG page. Brad Hill 2011-11-07
ACTION-18 (edit) closed Round-trip decision on sandboxing in CSP to WHATWG Brad Hill 2011-11-07
ACTION-19 (edit) closed Clarify policy applied for html loaded via object tag Adam Barth 2012-01-03 ISSUE-8
ACTION-20 (edit) closed Liason with widgets activity on policy placeholder for widgets Brad Hill 2012-05-29
ACTION-21 (edit) closed Update cheat sheet Brad Hill 2011-11-08
ACTION-22 (edit) closed Take a first cut. Brad Hill 2011-11-08
ACTION-23 (edit) closed Take a first cut at a use cases document for isolated addressable frames Brad Hill 2011-11-08
ACTION-24 (edit) closed Draft spec language for sandbox directive Adam Barth 2011-11-29
ACTION-25 (edit) closed Ping jrossi for feedback on policy-uri directive Brad Hill 2011-11-08
ACTION-26 (edit) closed Set up mercurial repo for tests and get a simple test for Adam Gopal Raghavan 2011-11-29
ACTION-27 (edit) closed Start discussion on issue 8 next week Adam Barth 2011-11-29
ACTION-28 (edit) closed Start discussion on issue 4 next week Adam Barth 2011-11-29
ACTION-29 (edit) closed Send out CfC for CORS advancement to Last Call to public-webappsec and public-webapps Brad Hill 2011-12-13
ACTION-30 (edit) closed Test Eric Rescorla 2011-12-13
ACTION-31 (edit) closed Edit Firefox compatible CSP/Workers interaction into document Adam Barth 2011-12-13
ACTION-32 (edit) closed Document object tag/HTML interaction (issue 8) as "should be syntax-oriented, not semantics-oriented" Brandon Sterne 2011-12-13
ACTION-33 (edit) closed Create VirtualBox image for test development Brad Hill 2012-01-15
ACTION-34 (edit) closed Go through document and check that "first found" policy is clear Eric Rescorla 2012-01-11
ACTION-35 (edit) closed Add advice for server operators about combining policies Adam Barth 2012-03-13
ACTION-36 (edit) closed Copy clicking jacking info to wiki and email list David Huang 2012-03-13
ACTION-37 (edit) closed Email anne wrt proposed additions to security considerations for CORS re: confused deputy Brad Hill 2012-01-10
ACTION-38 (edit) closed Record that ISPs should not mess with CSP, and if you are worried about this, you should do HTTPS. Brandon Sterne 2012-01-10
ACTION-39 (edit) closed Incorporate Eric's Action 34 comments into the document Adam Barth 2012-01-24
ACTION-40 (edit) closed Modify the spec to say that img-src loads which fail due to CSP policy cause errors to be raised (ISSUE-9) Adam Barth 2012-01-24
ACTION-41 (edit) closed Update the spec per consensus on ISSUE 10 Adam Barth 2012-01-24
ACTION-42 (edit) closed Confirm on list that we are going to remove request headers (ISSUE 11) Adam Barth 2012-01-24
ACTION-43 (edit) closed to ask list about URI fragment ids in CSP reports Brad Hill 2012-01-24
ACTION-44 (edit) closed Poll list on resolution to issue 12 "server should include the origin of the report and keep the original policy text intact, including self" Adam Barth 2012-01-24
ACTION-45 (edit) closed Reraise whether ISSUE #8 (see also action #18) has been closed with clear enough text Brad Hill 2012-01-24
ACTION-46 (edit) closed Update CORS Origin header behavior in case of HTTP redirect Anne van Kesteren 2012-02-14
ACTION-47 (edit) closed Add this Adam Barth 2012-02-21
ACTION-48 (edit) closed Add referrer field for reporting Adam Barth 2012-02-21
ACTION-49 (edit) closed Followup on list to Brad Hill 2012-02-21
ACTION-50 (edit) closed Start discussion on ISSUE 7 Adam Barth 2012-02-21
ACTION-51 (edit) closed Review CORS new sec cons language and provide editorial fixes Brad Hill 2012-04-21
ACTION-52 (edit) closed Email tlr to send CORS to LC Brad Hill 2012-03-06
ACTION-53 (edit) closed Do straw poll on the list about policy-uri for CSP 1.0/1.1 question Eric Rescorla 2012-03-06
ACTION-54 (edit) closed Find a new owner for action-35 Brad Hill 2012-03-20
ACTION-55 (edit) closed Put together F2F agenda proposal for list Brad Hill 2012-03-20
ACTION-56 (edit) closed Remove policy-uri directive Adam Barth 2012-04-10
ACTION-57 (edit) closed Cross-post proposal to HTTP and WebSec WG at IETF Adam Barth 2012-04-17
ACTION-58 (edit) closed Integrate jeffh comments int sec considerations in CORS Brad Hill 2012-05-09
ACTION-59 (edit) closed Create 1.1 impl by end of week Adam Barth 2012-05-09
ACTION-60 (edit) closed Write a message to the mailing list describing his proposal for how to handle URLs with paths (truncate to the origin) Daniel Veditz 2012-05-09
ACTION-61 (edit) closed Merge bhill's policy combination text into the CSP document Adam Barth 2012-05-09
ACTION-62 (edit) closed 400 reponse for EventSource causes infinite polling Brad Hill 2012-05-10
ACTION-63 (edit) closed 400 reponse for EventSource causes infinite polling Adam Barth 2012-05-10
ACTION-64 (edit) closed Add day 2 minutes from face to face meeting Brad Hill 2012-05-15
ACTION-65 (edit) closed Put question out to the list. Brad Hill 2012-05-15
ACTION-66 (edit) closed Add error handling behavior in 1.0 spec Adam Barth 2012-05-15
ACTION-67 (edit) closed Add a description for how to handle content-type in CSP 1.1 - 06/30/2012 Adam Barth 2012-07-17
ACTION-68 (edit) closed Coordinate with Giorgi on a draft proposal - 07/2012 David Huang 2012-05-15
ACTION-69 (edit) closed Check on W3C process on referring to HTML5 Brad Hill 2012-06-12
ACTION-70 (edit) closed Review history of CORS comments from bhill/jeffh and make recommendations Adam Barth 2012-07-03
ACTION-71 (edit) closed Review history of CORS comments from bhill/member:jeffh and make recommendations Eric Rescorla 2012-07-03
ACTION-72 (edit) closed To review history of CORS comments from bhill/member:jeffh and make recommendations Daniel Veditz 2012-07-03
ACTION-73 (edit) closed Start cross-IETF/W3C discussion on XFO/FO/UI Safety Brad Hill 2012-07-10
ACTION-74 (edit) closed check with W3C contact re: mailing list issues and delivery Brad Hill 2012-07-24
ACTION-75 (edit) closed Liason with DeviceAPI group re: CSP as policy framework for mobile least privilege Brad Hill 2012-07-24
ACTION-76 (edit) closed Are any features of CORS at-risk due to only one implementation? Gopal Raghavan 2012-09-04
ACTION-77 (edit) closed Set up ccarson as CORS editor Brad Hill 2012-09-04
ACTION-78 (edit) closed Issue CfC for CSP 1.0 to CR, Call for Impls Brad Hill 2012-09-04
ACTION-79 (edit) closed Issue CfC for CORS to CR, Call for Impls Brad Hill 2012-09-04
ACTION-80 (edit) closed Invite Tobias Gondrom as Invited Expert for frame-options work Brad Hill 2012-09-18
ACTION-81 (edit) closed Incorporate editorial suggestions in ISSUE-16 Adam Barth 2012-09-18
ACTION-82 (edit) closed Respond to ingo chao on official WG position re: csp policies for add-on modifications to resources Brad Hill 2012-11-08
ACTION-83 (edit) closed Update port numbers on apache for test vm; 80-83 Brad Hill 2013-02-26
ACTION-84 (edit) closed Create acceptance tests for section 5 Gopal Raghavan 2012-11-08
ACTION-85 (edit) closed Create acceptance tests for section 6 Gopal Raghavan 2012-11-08
ACTION-86 (edit) closed Create acceptance tests for section 7 Gopal Raghavan 2012-11-08
ACTION-87 (edit) closed Fix transient CORS test failures due to caching behavior Odin Hørthe Omdal 2012-11-08
ACTION-88 (edit) closed Talk to annevk and clarify UA behavior on section 6.2 if resource asks for credentials and gives * to preflight Brad Hill 2012-11-08
ACTION-89 (edit) closed Rewrite abnf production of frame-options to have deny alternating with top-only and ancestor versions Brad Hill 2012-11-08
ACTION-90 (edit) closed Sync up with David Ross and Eric Lawrence on XFO justification for ALLOW-FROM single origin restriction Brad Hill 2012-11-08
ACTION-91 (edit) closed Propose testing day as part of joint HTML/WebApps/WebAppSec F2F in silicon valley to list Brad Hill 2012-11-09
ACTION-92 (edit) closed Propose spec text to resolve ISSUE-32 Daniel Veditz 2012-11-09 ISSUE-32
ACTION-93 (edit) closed Query list if any use cases for reportURIs script interface Mike West 2012-11-09
ACTION-94 (edit) closed Add specificity to CSP 1.1 draft that script access queries ONLY state of CSP, not general reachability of URLs by configured browser context Mike West 2012-11-09
ACTION-95 (edit) closed Correct "font-src" typo in the form-action text of CSP 1.1 Mike West 2012-11-09
ACTION-96 (edit) closed Add note clarifying that form-action is not subject to default-src fallback Mike West 2012-11-09
ACTION-97 (edit) closed Propose spec language for policy-uri directive Daniel Veditz 2013-05-25
ACTION-98 (edit) closed Propose spec text for experimental jsonp-src jsonp-sink directives Brad Hill 2012-11-09
ACTION-99 (edit) closed Fold X-XSS-Protection into CSP 1.1. Mike West 2012-11-24
ACTION-100 (edit) closed get Zakim back in sync with time of call Brad Hill 2012-11-27
ACTION-101 (edit) closed Follow up with Mike Smith at w3c on test server config, re: Options headers, etc. Brad Hill 2013-02-26
ACTION-102 (edit) closed Write up strawman for event on violation of CSP, coordinate w/dveditz Mike West 2012-12-11
ACTION-103 (edit) closed Follow up on and solicit new proposals, suggest unsafe attribute Brad Hill 2012-12-11
ACTION-104 (edit) closed Follow up with Goog A11Y and UI teams on disabling browser features (UISafety obstruction check) for A11Y compatibility Adam Barth 2013-01-29
ACTION-105 (edit) closed Change short name from UI Safety to UI Security on next WD publication Brad Hill 2013-02-27
ACTION-106 (edit) closed Add some non-normative examples of how multiple headers/meta tags interact to tighten the effective policy. Mike West 2013-01-05
ACTION-107 (edit) closed Investigate assistive technologies use of real or synthetic events Brad Hill 2013-01-22 ISSUE-21
ACTION-108 (edit) closed to query list on whether default UI Security hueristic behavior should be block or report Brad Hill 2013-01-22 ISSUE-20
ACTION-109 (edit) closed Add spec language to CSP 1.1 regarding certain directives not honored in META Daniel Veditz 2013-05-25 ISSUE-26
ACTION-110 (edit) closed Clarify that frame-options not allowed in META, reference relative to CSP 1.1 spec Brad Hill 2013-01-22 ISSUE-25
ACTION-111 (edit) closed Provide guidance on efficient enforcment of display-time Giorgio Maone 2013-01-22 ISSUE-27
ACTION-112 (edit) closed Raise issue 29 on public-webappsec list for further discussion Giorgio Maone 2013-01-22 ISSUE-29
ACTION-113 (edit) closed Chase specs and references for URL/URI definition used in CSP 1.1 Adam Barth 2013-01-22 ISSUE-31
ACTION-114 (edit) closed Assign actions for issues 34, 35, 36, 37, 38, 39 to abarth Brad Hill 2013-01-22
ACTION-115 (edit) pending review Make proposal on handling of srcdoc, blob, etc. (ISSUE-15) Adam Barth 2013-05-07 SRCDOC, BLOB, ETC
ACTION-116 (edit) closed Update CSP 1.1 spec to indicate violation type for default-src violations Mike West 2013-02-05
ACTION-117 (edit) closed Mention HSTS in implementation note as a reason things might stop working Mike West 2013-02-05
ACTION-118 (edit) closed Email list on UISecurity issue 2 - multiple values for Frame-Options ALLOW FROM Brad Hill 2013-02-05
ACTION-119 (edit) closed Update CSP 1.1 to indicate line number reports for in-line scripts Mike West 2013-02-05
ACTION-120 (edit) closed Propose language to spec to explain how custom elements are handled (see issue 43) Adam Barth 2013-02-19
ACTION-121 (edit) closed Email the list with the generic src-nonce proposal (i.e., not specifically for each thing that could be srced) Mike West 2013-05-07
ACTION-122 (edit) closed Remove obsolete language for XFO in UI Security draft Brad Hill 2013-03-05
ACTION-123 (edit) closed Bring the CORS 2xx issue up on list and specifically with Anne Brad Hill 2013-04-02
ACTION-124 (edit) closed Create test cases for CORS and 2xx, 4xx, 5xx status codes Brad Hill 2013-04-02
ACTION-125 (edit) closed Investigate WHATWG spec text vs RFC 3986 for normalization in CSP Mike West 2013-04-02
ACTION-126 (edit) closed Propose urlencoded mime type solution for cross-origin JSON to list Brad Hill 2013-04-02
ACTION-127 (edit) closed Add one-way mutability to policy points exposed in script interface Mike West 2013-11-05
ACTION-128 (edit) closed Raise intersection of meta and header policies on list Brad Hill 2013-05-02 CSP Level 2
ACTION-129 (edit) closed Research and propose spec text for applying plugin-types to iframes Adam Barth 2013-05-25 CSP Level 2
ACTION-130 (edit) closed Draft text on referer control policy Mike West 2013-05-25 CSP Level 2
ACTION-131 (edit) closed Write a problem statement exploring the space of mixed content specifications Brad Hill 2013-05-02
ACTION-132 (edit) closed Write a problem statement exploring the space of HTML templating / safe HTML Brad Hill 2013-05-02
ACTION-133 (edit) closed better specify XPath reporting in UI Security Brad Hill 2013-05-07 UI Security
ACTION-134 (edit) closed report dependencies on event types Brad Hill 2013-05-25 UI Security
ACTION-135 (edit) closed Promote the security model documentation project Thomas Roessler 2013-05-03
ACTION-136 (edit) closed Issue CfC to list on new WD publication of CSP 1.1 Adam Barth 2013-05-14
ACTION-137 (edit) closed Query list whether CORS HTTP auth should re-open spec Brad Hill 2013-05-14
ACTION-138 (edit) closed Update csp report content-type to application/csp-report or similar Adam Barth 2013-05-14
ACTION-139 (edit) closed Add HTTP response code to reports in CSP 1.1 Adam Barth 2013-06-11
ACTION-140 (edit) closed Add text addressing Adam Barth 2013-06-11
ACTION-141 (edit) open CSP Next: Update default-src language to be more future-proof Mike West 2015-01-31 CSP Level 3
ACTION-142 (edit) closed Email bhill, ekr, and tobie re github setup Wendy Seltzer 2013-06-11
ACTION-143 (edit) closed CSP Level 2: change error handling behavior for loading blocked resources Mike West 2014-07-31 CSP Level 2
ACTION-144 (edit) open CSP Next: Propose text on layering of fetch context types with CSP directives Mike West 2015-01-31 CSP Level 3
ACTION-145 (edit) closed Update nonce-value directive to allow b64, b64url chars, specify minimum length of 1 Adam Barth 2013-07-09
ACTION-146 (edit) closed Respond to list, propose setting worker policy from header rather than inheriting it Daniel Veditz 2013-07-09
ACTION-147 (edit) closed Propose updated hash source text to list addressing Neil Matatall 2013-07-23
ACTION-148 (edit) closed Get patent release on referer control proposal from lafs authors Brad Hill 2013-08-20
ACTION-149 (edit) closed Document proposal of simply excluding blob:, data:, etc from matching * everywhere, no explicit tie to unsafe-eval Daniel Veditz 2013-10-22
ACTION-150 (edit) closed Post a cfc to the list on closing the csp 1.1 feature set Brad Hill 2013-09-17
ACTION-151 (edit) closed to provide text to list about interaction btwn extensions and csp is Mike West 2013-11-05
ACTION-152 (edit) closed CSP 2: Update csp to make unsafe-inline, unsafe-eval universal constructs Mike West 2014-07-31 CSP Level 2
ACTION-153 (edit) closed Propose more precise text for child-src directive idea Brad Hill 2014-08-26 CSP Level 3
ACTION-154 (edit) closed Propose more precise language for directives for shared worker Brad Hill 2013-11-26
ACTION-155 (edit) pending review Update csp to reflect that workers use policy resource is delivered with Mike West 2013-11-26
ACTION-156 (edit) pending review CSP: Clarify plugin-src behavior: if able to determine resource, self or none Mike West 2014-11-01 CSP Level 2
ACTION-157 (edit) closed Cancel dec 31st call Brad Hill 2013-12-10
ACTION-158 (edit) closed Raise frame-options vs. frame-ancestors name on ietf websec list Brad Hill 2013-12-10
ACTION-159 (edit) closed Respond to list re: consensus that applying hash/nonce to inline handlers not desired as a 1.1 feature Neil Matatall 2013-12-24
ACTION-160 (edit) closed Reply to jonas sicking on list re: cascade of style-src to font-src Brad Hill 2013-12-24
ACTION-161 (edit) closed Abandon cfc on uisecurity to lcwd for now Brad Hill 2013-12-24
ACTION-162 (edit) closed Propose to list text on form-action vs. connect-src re: sending data vs. receiving it Brad Hill 2014-02-05
ACTION-163 (edit) closed Give language on how frame-ancestors interacts with xfo Brad Hill 2014-02-05
ACTION-164 (edit) open CSP Next: Integrate mnot's cookie scope proposal. Mike West 2015-01-31 CSP Level 3
ACTION-165 (edit) closed Open sri issues in tracker from spec text Brad Hill 2014-03-19
ACTION-166 (edit) open to add an explicit "privacy considerations" section to sri Mike West 2014-03-19 Subresource Integrity Level 1
ACTION-167 (edit) open Respond to list queries about hints for content-addressable storage Devdatta Akhawe 2014-05-30 Subresource Integrity Level 1
ACTION-168 (edit) closed Raise to the list handling of csp associated with installed apps as possible spec note Brad Hill 2014-04-16 CSP Level 2
ACTION-169 (edit) open Read and respond to use of sri hashes for caching/alternate locations: Devdatta Akhawe 2014-05-30 Subresource Integrity Level 1
ACTION-170 (edit) closed Arrange some joint meeting time with svg wg Brad Hill 2014-04-30
ACTION-171 (edit) closed Propose text to list on issue-58 Brad Hill 2014-04-30 CSP Level 2
ACTION-172 (edit) open Review servicewoker issues relevant to csp from github Mike West 2015-01-31 CSP Level 3
ACTION-173 (edit) closed Talk with plh about fetch and csp, invite conversation with webappsec Wendy Seltzer 2014-05-14
ACTION-174 (edit) closed Raise frame-ancestors/fetch/neterror on list Mike West 2014-11-03 CSP Level 2
ACTION-175 (edit) closed Post tpac dates to list for next f2f Brad Hill 2014-05-14
ACTION-176 (edit) closed Post a redux and cfc on options for resolving the redirects/paths/reporting issue in csp 1.1 Brad Hill 2014-06-11
ACTION-177 (edit) closed Send a cfc to adopt mixed content draft as a wg product Brad Hill 2014-06-25
ACTION-178 (edit) closed Update csp 1.0 extensions language for pr to match 1.1 lcwd text Brad Hill 2014-11-25 CSP Level 1
ACTION-179 (edit) closed Investigate duration of lc for csp 1.1 Brad Hill 2014-06-25
ACTION-180 (edit) closed Document that user-set prefs regarding referrers override csp-set policies Mike West 2014-06-25
ACTION-181 (edit) open Suggest more clear use case and language around exact behavior for noncanonical-src Brad Hill 2014-11-17 Subresource Integrity Level 1
ACTION-182 (edit) open Make sure blob origin is discussed further on list Brad Hill 2014-11-17 CSP Level 3
ACTION-183 (edit) closed Add language that user-agent may decline to send reports for priority of constituency reasons and still be conforming Mike West 2014-07-09 CSP Level 2
ACTION-184 (edit) closed Make sure the spec says frame-ancestors uses the origin rather than the url Mike West 2014-07-23 CSP Level 2
ACTION-185 (edit) closed Make sure that frame-ancestors is relative to origin, not url and without path components Brad Hill 2014-07-23 CSP Level 2
ACTION-186 (edit) open Do more research on preventing 401 attach Brad Hill 2015-01-31 CSP Level 3
ACTION-187 (edit) closed Reconsider call time Brad Hill 2014-09-17
ACTION-188 (edit) open Evaluate json-src Mike West 2015-01-31 CSP Level 3
ACTION-189 (edit) open Evaluate script-ancestors Mike West 2015-01-31 CSP Level 3
ACTION-190 (edit) open Is reflected-xss directive at risk? David Walp 2014-11-03 ISSUE-62
ACTION-191 (edit) closed Inconsistency in source hash description Mike West 2014-11-03 CSP Level 2
ACTION-192 (edit) open Evaluate control over nesting depth. Mike West 2014-11-03 CSP Level 3
ACTION-193 (edit) closed Respond to Brian Smith on referrer-policy Brad Hill 2014-11-03
ACTION-194 (edit) closed Respond to Hatter Jiang on 401 attach Brad Hill 2014-11-03 CSP Level 2
ACTION-195 (edit) closed Respond to Hatter Jiang on JSONP directives - under consideration for v.Next Brad Hill 2014-11-03
ACTION-196 (edit) closed Remove intranet/internet section from Mixed Content spec Mike West 2014-11-03 Mixed Content
ACTION-197 (edit) closed Schedule an ad-hoc at TPAC 2014 (+wseltzer, +plh, +robin, +tbl?) Brad Hill 2014-10-28
ACTION-198 (edit) open Take bookmarklets discussion back to the list Brad Hill 2014-11-17 CSP Level 3
ACTION-199 (edit) open Keep topic of internet/intranet connectivity and https on the w3c radar Wendy Seltzer 2014-11-03
ACTION-200 (edit) pending review Investigate git issue tooling with other w3c groups Brad Hill 2014-11-24
ACTION-201 (edit) closed Add permissions api to draft charter Brad Hill 2014-11-24
ACTION-202 (edit) closed Issue cfc on new draft charter Brad Hill 2014-11-24
ACTION-203 (edit) closed Raise issue for sri large object /streaming integrity Brad Hill 2014-11-24
ACTION-204 (edit) pending review Reply to mark watson that 1/2 of his issue is a last call comment to mix Brad Hill 2014-11-24
ACTION-205 (edit) pending review Does link really violate csp guarantees? Brad Hill 2014-11-24
ACTION-206 (edit) pending review Reply on referrer suggest imperative policy controls in serviceworker Brad Hill 2014-11-24
ACTION-207 (edit) open Raise definition of sandboxed worker in html spec Brad Hill 2014-11-24
ACTION-208 (edit) closed Take charter to w3m for review Wendy Seltzer 2014-12-22
ACTION-209 (edit) open Ask open data/linked data groups for info on data publishing for use in secure context Wendy Seltzer 2015-01-19
ACTION-210 (edit) open Move sri bugs in bugzilla to github Brad Hill 2015-01-19
ACTION-211 (edit) open Ask github if they prefer fail open / closed on unknown hashes Brad Hill 2015-01-19
ACTION-212 (edit) open Issue cfc to take mixed content to cr Brad Hill 2015-02-16
ACTION-213 (edit) open Reply to brian smith re: csp2 to cr Brad Hill 2015-02-16
ACTION-214 (edit) closed Ask mozilla ac rep about the current status of their charter objections Wendy Seltzer 2015-03-02
ACTION-215 (edit) open Schedule conversation with web platform wg chairs and webappsec re csp3 Wendy Seltzer 2016-01-15
ACTION-216 (edit) closed Examine fetch refs for stability Wendy Seltzer 2016-04-27
ACTION-217 (edit) closed Ask tag for feedback on secure contexts Wendy Seltzer 2016-05-23
ACTION-218 (edit) open And dveditz to send call for wide review for referrer policy Mike West 2017-11-13
ACTION-219 (edit) open And dveditz to send call for wide review for secure contexts Mike West 2017-11-13
ACTION-220 (edit) open File issue on the spec to match firefox behavior Daniel Veditz 2017-11-13
ACTION-221 (edit) open Figure out new syntax and send to the list Mike West 2017-11-13
ACTION-222 (edit) open Take a stab a specifying a cors switch "retry without creds on failure" Mike West 2017-11-14

Add a new action item. See all the action items

Daniel Veditz <>, Mike West <>, Chairs, Wendy Seltzer <>, Samuel Weiler <>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <>.
$Id: index.html,v 1.1 2020/01/17 08:52:17 carcone Exp $