You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I saw this topic , which ensured me, that change to the spec we did is in right direction.
However, the question prompted me to check if sandboxed origin browsing context has control over navigation to non-network schemes, and I was surprised to see that there is no control over that capability.
I think that limiting nested browsing context navigation to the defined set of schemes is in immediate CSP interest, or perhaps fetch? Can we do something in CSPland to have that capability?
The text was updated successfully, but these errors were encountered:
I ask if requiring parent context to opt-in to allow navigating iframes to non-network schemes is sane idea or not (if it both fits CSP roadmap and is technically possible to implement by browsers without rewriting everything).
I saw this topic , which ensured me, that change to the spec we did is in right direction.
However, the question prompted me to check if sandboxed origin browsing context has control over navigation to non-network schemes, and I was surprised to see that there is no control over that capability.
I think that limiting nested browsing context navigation to the defined set of schemes is in immediate CSP interest, or perhaps fetch? Can we do something in CSPland to have that capability?
The text was updated successfully, but these errors were encountered: