- From: Roger Hågensen <rescator@emsai.net>
- Date: Tue, 14 Oct 2014 00:47:47 +0200
- To: whatwg@lists.whatwg.org
On 2014-10-13 15:53, Anne van Kesteren wrote:
> Per XMLHttpRequest User-Agent has been off limits for script. Should
> we keep it that way for fetch()? Would it be harmful to allow it to be
> omitted?
>
> https://github.com/slightlyoff/ServiceWorker/issues/399
>
> A possible attack I can think of would be a firewall situation that
> uses the User-Agent header as authentication check for certain
> resources.

That's a server security issue and not a browser one, attackers would never use a "nice" browser for attacks anyway, what point is there in background checks for security guards if the window is always open so anyone can get in? ;)

--
Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/
Received on Monday, 13 October 2014 22:48:19 UTC