- From: David Benjamin <notifications@github.com>
- Date: Fri, 24 Aug 2018 10:41:37 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 24 August 2018 17:41:58 UTC
Indeed! See also CORB and friends. The legacy thing where the web platform has all these "you can execute this but not read through contents" CORS bypasses are kind of a disaster. I need to swap this particular issue back in, but having to sacrifice ergonomics here to plug a vulnerability would not be at all surprising to me. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/719#issuecomment-415830711
Received on Friday, 24 August 2018 17:41:58 UTC