[whatwg] Clickjacking and CSRF

Jonas Sicking jonas at sicking.cc
Thu Jul 16 15:13:56 PDT 2009


On Thu, Jul 16, 2009 at 2:25 PM, Aryeh Gregor<Simetrical+w3c at gmail.com> wrote:
> Is there support in the spec for pinging the report-uri on violations,
> but still allowing the violation to go through?  That could allow much
> easier deployment, so that you could verify that your policy wasn't
> blocking anything legitimate.  I don't see it anywhere, but I didn't
> look very hard.

I don't think so. I've cc'ed the relevant people that can answer.

/ Jonas



More information about the whatwg mailing list