- From: Jake Archibald <notifications@github.com>
- Date: Mon, 15 Dec 2014 10:52:35 -0800
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Monday, 15 December 2014 18:53:04 UTC
> if the SW passes a CORS response back the UA would need to enforce the CORS filtered response limitations otherwise you could embed something in an <iframe> and get more data out of it. What does an iframe expose that a CORS response wouldn't? I suppose a header such as `Link: </styles.css>; REL=stylesheet` could be detected as you'd see the request for `styles.css`. --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/590#issuecomment-67044412
Received on Monday, 15 December 2014 18:53:04 UTC