3 Notes Published: Content Security Policy: Cookie Controls, Pinning; Entry Point Regulation

September 13th, 2016

The Web Application Security Working Group has published 3 Notes:
  • Content Security Policy: Cookie Controls: This Note provides a historical reference for a proposed set of mechanisms by which web developers can limit the ways in which cookies may be set in the context of their sites and applications.
  • Content Security Policy: Pinning: This Note provides a historical reference for a proposed mechanism to allow authors to instruct user agents to remember (“pin”) and enforce a Content Security Policy for a set of hosts for a period of time.
  • Entry Point Regulation: This Note provides a historical reference for a proposed mechanism to mitigate the risk of reflected cross-site scripting (XSS), cross-site script inclusion (XSSI), and cross-site request forgery (CSRF) attacks by demarcating the areas of an application which are intended to be externally referenceable. A specified policy is applied on external requests for all non-demarcated resources.