Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix potential exfiltration of browsing history by a rogue list author…
… through permissions= As with `csp=` option, reporting capabilities need to be taken into account with `permissions=` option. Reference: https://github.com/w3c/webappsec-permissions-policy/blob/main/reporting.md This commit ensures that `permissions=` option using `report-to` are marked as invalid.
- Loading branch information