-
Notifications
You must be signed in to change notification settings - Fork 4
/
670.txt
53 lines (38 loc) · 2.41 KB
/
670.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
* 仕様書
[REFS[
- [4] [CITE@en[draft-ietf-websec-x-frame-options-01 - HTTP Header X-Frame-Options]] ([TIME[2012-10-23 08:15:27 +09:00]] 版) <http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-01>
]REFS]
* 実装
[REFS[
- [1] [CITE@en-us[The X-Frame-Options response header - MDC]]
([TIME[2010-10-27 15:11:17 +09:00]] 版)
<https://developer.mozilla.org/en/the_x-frame-options_response_header>
]REFS]
* 歴史
** IE8
[REFS[
- [2] [CITE@en[IE8 Security Part VII: ClickJacking Defenses - IEBlog - Site Home - MSDN Blogs]] ([TIME[2012-11-18 02:39:00 +09:00]] 版) <http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx>
- [3] [CITE@en[Combating ClickJacking With X-Frame-Options - IEInternals - Site Home - MSDN Blogs]] ([TIME[2012-11-18 02:39:57 +09:00]] 版) <http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx>
]REFS]
** 追随
{REFS[
- [6] [CITE[690168 – Implement Allow-From syntax for X-Frame-Options]] ([TIME[2012-11-18 02:44:50 +09:00]] 版) <https://bugzilla.mozilla.org/show_bug.cgi?id=690168>
- [5] [CITE[Bug 94836 – Support for X-Frame-Options: Allow-From '''['''uri''']''']] ([TIME[2012-11-18 02:43:58 +09:00]] 版) <https://bugs.webkit.org/show_bug.cgi?id=94836>
]REFS]
** 標準化
[REFS[
- [4] [CITE@en[draft-ietf-websec-x-frame-options-01 - HTTP Header X-Frame-Options]] ([TIME[2012-10-23 08:15:27 +09:00]] 版) <http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-01>
]REFS]
[7] 初期案では [DFN[[CODE(HTTP)@en[[[Frame-Options:]]]]]], [DFN[[CODE(HTTP)@en[[[Frame-Option:]]]]]]
といった名前でしたが、その後実際に使われている [CODE(HTTP)@en[[[X-Frame-Options:]]]] に変更されています。
[8] [CITE@en[draft-ietf-websec-frame-options-00 - HTTP Header Frame Options]]
( ([TIME[2012-10-14 12:33:27 +09:00]] 版))
<http://tools.ietf.org/html/draft-ietf-websec-frame-options-00>
[9] ( ([TIME[2010-07-20 19:05:29 +09:00]] 版))
<http://seclab.stanford.edu/websec/framebusting/framebust.pdf>
[10] [CITE@en[Coordinating Frame-Options and CSP UI Safety directives]]
( ([[Hill, Brad]] 著, [TIME[2012-07-10 03:31:42 +09:00]] 版))
<http://lists.w3.org/Archives/Public/public-webappsec/2012Jul/0014.html>
[11] [CITE[IRC logs: freenode / #whatwg / 20130717]]
( ([TIME[2013-07-20 20:18:32 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20130717#l-203>