Should Chrome start supporting the `ALLOW-FROM` value for `X-Frame-Options`?
Secure by default in what sense? Just exposing ancestorOrigins doesn't make anything secure by default...
To fix the privacy aspect, an API like assertAncestors could have been suggested instead of just not implementing
My impression from discussions was that the privacy invasion was the stated _point_ of ancestorOrigins.
Secure-by-default as in security can be guaranteed on JS side without server configuration.