IMO, a CORS restriction would be too restrictive, and will pose a significant deployment hurdle. @annevk - can you expand on why this wouldn't work well with CORP? It seems to be leaking the exact same information that CORP "allows" you to leak. /cc @camillelamy -- GitHub Notification of comment by yoavweiss Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5165#issuecomment-654137270 using your GitHub accountReceived on Monday, 6 July 2020 09:58:35 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:42:11 UTC