Re: [HASMAT] X-FRAME-OPTIONS

Devdatta Akhawe <dev.akhawe@gmail.com> Thu, 09 September 2010 17:52 UTC

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Thu, 09 Sep 2010 10:52:33 -0700
Message-ID: <AANLkTi=PNP0oFRdLSXtFPiYKRy0Uiv07UeZmbFBkA16O@mail.gmail.com>
To: Adam Barth <ietf@adambarth.com>
Cc: IETF HASMAT list <hasmat@ietf.org>

>
> Yeah, X-Frame-Options seems like a special case of CSP.

Additionally, CSP's version has some of the flexibility that Adam was
talking about.

cheers
devdatta