- From: vanupam <notifications@github.com>
- Date: Tue, 03 Apr 2018 16:46:24 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 3 April 2018 16:47:37 UTC
vanupam commented on this pull request. > @@ -2325,6 +2409,251 @@ X-Content-Type-Options = "nosniff" ; case-insensitive</pre> <a for=request/destination>script-like</a> or "<code>style</code>" are considered as any exploits pertain to them. Also, considering "<code>image</code>" was not compatible with deployed content. +<h3 id=token-binding>Token Binding</h3> + +<p>In order to protect security tokens like HTTP cookies and OAuth tokens, user agents and servers +can use a technique known as <dfn export id=concept-token-binding>Token Binding</dfn> to +cryptographically associate a given token with a secret +(a <dfn export id=concept-token-binding-key>token-binding key</dfn>) known only to a specific Done. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/325#discussion_r178889688
Received on Tuesday, 3 April 2018 16:47:37 UTC