This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

This archived bug list includes all the bugs for the product or component specified, including bugs that have been resolved.

Mon Apr 1 2019 14:16:50 UTC
Hide Search Description
33 bugs found.
ID Product Comp Assignee Status Resolution Summary Opened Changed
14663 WebAppsS CORS annevk RESO WONT Advice on CORS and caches 2011-11-01 2013-10-25
14664 WebAppsS CORS annevk RESO INVA Defining CORS headers 2011-11-01 2013-10-25
14665 WebAppsS CORS annevk RESO FIXE Content-Type is not a simple header 2011-11-01 2011-11-23
14666 WebAppsS CORS annevk RESO FIXE Be clearer about cookies and CORS 2011-11-01 2011-11-25
14700 WebAppsS CORS annevk RESO FIXE Point out that Access-Control-Allow-Origin:* is safe for servers not behind a firewall 2011-11-05 2013-10-25
15312 WebAppsS CORS annevk RESO WONT lowercasing requirement for Access-Control-Request-Headers harmful 2011-12-22 2012-05-03
16203 WebAppsS CSP w3c NEW --- Nothing is said about what happens when default-src is omitted. 2012-03-02 2012-05-03
16434 WebAppsS CORS annevk RESO FIXE Clarify that "global unique identifier" is an alias for "null" (for all CORS-purposes) 2012-03-19 2012-03-22
16436 WebAppsS CORS annevk RESO FIXE Resource processing: shouldn't need to split Origin string on SPACE anymore 2012-03-19 2012-03-22
17042 WebAppsS CORS annevk RESO INVA Last-Event-ID is not a simple header 2012-05-13 2013-10-28
17205 WebAppsS CORS annevk RESO INVA graph.Facebook.com/ladybug2007 2012-05-26 2012-05-29
19315 WebAppsS CORS annevk RESO DUPL Last-Event-ID header should be a simple header 2012-10-07 2013-10-28
19920 WebAppsS CORS annevk RESO INVA Don't allow space-separated origins in the syntax 2012-11-09 2013-10-25
20205 WebAppsS CSP w3c NEW --- iOS 6 2012-12-03 2012-12-03
21012 WebAppsS CORS annevk RESO WONT Add more text on Vary 2013-02-15 2013-10-28
21608 WebAppsS CORS annevk RESO WONT 7.2 "Resource Sharing Check" does not specify how to handle a space separated list in Access-Control-Allow-Origin 2013-04-07 2013-10-25
22256 WebAppsS CSP w3c CLOS FIXE Add a note regarding first line of defense. 2013-06-04 2013-07-02
23357 WebAppsS CSP2 hillbrad RESO WONT Subverting CSP policies for browser add-ons (extensions). 2013-09-25 2018-01-17
26061 WebAppsS CSP w3c NEW --- Improve consistency with CSP 1.1 w.r.t. add-on/extension semantics. 2014-06-11 2014-06-11
27291 WebAppsS CSP2 mkwst NEW --- Referrer: Consider a mechanism to specify a referrer URL. 2014-11-10 2014-11-10
27302 WebAppsS Mixed Co mkwst ASSI --- Define an elaboration of #may-document-use-powerful-features that checks ancestor browsing contexts 2014-11-11 2014-11-25
27341 WebAppsS Subresou mkwst NEW --- consider replacing integrity-metatata ABNF production with a precise prose definition of the datatype/microsyntax 2014-11-17 2014-11-17
27744 WebAppsS Subresou mkwst NEW --- Should define the term 'subresource' 2015-01-05 2015-01-05
27745 WebAppsS Subresou mkwst NEW --- Should define the term 'integrity' 2015-01-05 2015-01-05
27746 WebAppsS Subresou mkwst NEW --- Integrity of image content 2015-01-05 2015-01-07
27747 WebAppsS Subresou fbraun NEW --- Integrity of font content 2015-01-05 2018-08-16
27748 WebAppsS Subresou mkwst NEW --- Value of @integrity attribute not sufficiently prescriptive 2015-01-05 2015-01-08
28620 WebAppsS UISecuri oner_basut RESO INVA vbvcb 2015-05-09 2015-05-10
28861 WebAppsS CORS annevk NEW --- Section 6.2 Preflight Request, step 10, second note: "Access-Control-Allow-Headers" instead of "Access-Control-Request-Headers" 2015-06-28 2015-07-01
30087 WebAppsS UISecuri hillbrad NEW --- yun95@yahoo.com 2017-04-13 2017-04-13
30088 WebAppsS UISecuri hillbrad NEW --- yun95@yahoo.com 2017-04-13 2017-12-04
30212 WebAppsS UISecuri hillbrad NEW --- jf 2017-12-22 2017-12-22
30273 WebAppsS UISecuri hillbrad NEW --- gmail.com 2018-07-04 2018-07-04
33 bugs found.
CSV