[websec] WGLC feedback about allow-from in X-Frame-Options
Adam Barth <ietf@adambarth.com> Wed, 07 November 2012 21:34 UTC
Return-Path: <ietf@adambarth.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2774C21F8A3E for <websec@ietfa.amsl.com>; Wed, 7 Nov 2012 13:34:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J9pUwF2DdTYs for <websec@ietfa.amsl.com>; Wed, 7 Nov 2012 13:34:14 -0800 (PST)
Received: from mail-oa0-f44.google.com (mail-oa0-f44.google.com [209.85.219.44]) by ietfa.amsl.com (Postfix) with ESMTP id A9A5021F8A14 for <websec@ietf.org>; Wed, 7 Nov 2012 13:34:14 -0800 (PST)
Received: by mail-oa0-f44.google.com with SMTP id n5so2339142oag.31 for <websec@ietf.org>; Wed, 07 Nov 2012 13:34:14 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type :x-gm-message-state; bh=qHpoET4uGBczQaO7+DFecbiKpBq0tmOFqok3qQCFsCs=; b=Z/p4xzBpjwuPP92Cu5E5BiKmmcxipt7fMuXTkBYKmXuIMSwvWOAKzyjaYIqSqShGL1 zWkXvAMQIwEUldWTyy4NECh4MxEgCuhhkwlJz2VGMlF/Hsxh85YFaE6qYu7HuPhPZJvG wmxvG0CZ7pCMRLANtKLc+18vyOXO9TX3OOzjePtZ3qUYgQfySSgeLXAANIZbonrHU4tl OCWAYElUT2KOABayX/DGnsSztsomHKoq9ROwb0JkaIZdPKPQZ7M6+rwym+BdLb+usd92 YawX3Fn9VoWFzA5R2JpGGGHcfPiw8FVy08hkplhTbc1Zyti6LPzprmbhpbrck8fXoMR1 ySJg==
Received: by 10.60.169.48 with SMTP id ab16mr3270731oec.15.1352324054216; Wed, 07 Nov 2012 13:34:14 -0800 (PST)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by mx.google.com with ESMTPS id n7sm24710225obd.16.2012.11.07.13.34.11 (version=SSLv3 cipher=OTHER); Wed, 07 Nov 2012 13:34:12 -0800 (PST)
Received: by mail-ob0-f172.google.com with SMTP id v19so2295449obq.31 for <websec@ietf.org>; Wed, 07 Nov 2012 13:34:11 -0800 (PST)
Received: by 10.182.54.103 with SMTP id i7mr3898737obp.62.1352324051102; Wed, 07 Nov 2012 13:34:11 -0800 (PST)
MIME-Version: 1.0
Received: by 10.60.8.195 with HTTP; Wed, 7 Nov 2012 13:33:40 -0800 (PST)
From: Adam Barth <ietf@adambarth.com>
Date: Wed, 07 Nov 2012 13:33:40 -0800
Message-ID: <CAJE5ia_1SDRZSF7KQTEB2jSKjHJ4-3=X3mO7dW0nLLosE2VT5w@mail.gmail.com>
To: websec <websec@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQnY/DAlXR8YCXrVJy4Zm2xX+8RlgAhNxy80J2JqGcZn5wBhiYas2/yFOU5h+FWV8mCRZAmj
Subject: [websec] WGLC feedback about allow-from in X-Frame-Options
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2012 21:34:15 -0000
In draft-ietf-websec-x-frame-options, we should note that allow-from is an IE-only extension and is not implemented by any other user agents. Adam