- From: Takeshi Yoshino <notifications@github.com>
- Date: Thu, 15 Jan 2015 00:57:55 -0800
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Thursday, 15 January 2015 08:58:23 UTC
Hmm, it seems that by using `RequestInit.mode=="no-cors"` and looking at the `type` on the returned `Response`, we can determine whether a certain host exists && is_serving_HTTP. Shouldn't this be considered as a way for port scanning? Make a cross-origin request using `fetch()` from origin X to Y. - If Y points at a working web server, the result would be "opaque" - If not, the result would be "error". I.e. the Promise would be rejected Cf. the WebSocket API not returning details of opening handshake. See the big red warning in https://html.spec.whatwg.org/multipage/comms.html#feedback-from-the-protocol /cc @horo-t --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/581#issuecomment-70056571
Received on Thursday, 15 January 2015 08:58:23 UTC