Tuesday, September 13, 2016

3 Notes Published: Content Security Policy: Cookie Controls, Pinning; Entry Point Regulation

The Web Application Security Working Group has published 3 Notes:

  • Content Security Policy: Cookie Controls: This Note provides a historical reference for a proposed set of mechanisms by which web developers can limit the ways in which cookies may be set in the context of their sites and applications.
  • Content Security Policy: Pinning: This Note provides a historical reference for a proposed mechanism to allow authors to instruct user agents to remember (“pin”) and enforce a Content Security Policy for a set of hosts for a period of time.
  • Entry Point Regulation: This Note provides a historical reference for a proposed mechanism to mitigate the risk of reflected cross-site scripting (XSS), cross-site script inclusion (XSSI), and cross-site request forgery (CSRF) attacks by demarcating the areas of an application which are intended to be externally referenceable. A specified policy is applied on external requests for all non-demarcated resources.

by Maria Auday via W3C News
