- From: Fredrik Söderqvist via GitHub <sysbot+gh@w3.org>
- Date: Fri, 27 Mar 2020 12:12:01 +0000
- To: public-svg-issues@w3.org
> It's unclear which request destination fetched SVG document should have, which can impact which CSP directives control them, which `as` values developers need to set in order to preload them and which `Sec-Fetch-Dest` headers servers see in their requests. Well, it's unclear because no one on the "fetch side" knew about them presumably (and didn't spend any time finding out). > Furthermore, current implementations are use different destinations in different contexts. For example, Chrome seems to use "document" when fetching the SVG document into its own browsing context, That seems about right since that would just be a regular "navigate" case. > but uses the "image" destination when the document is fetched using a `<use>` element. Since these documents are often referred to (at least by some... and the spec section you linked) as "(sub)resource documents" and they are supposed to be in "secure static mode" (meaning no scripting for example) maybe they should be `"resource-document"` or `"static-document"` or something like that. -- GitHub Notification of comment by fsoder Please view or discuss this issue at https://github.com/w3c/svgwg/issues/782#issuecomment-604966410 using your GitHub account
Received on Friday, 27 March 2020 12:12:03 UTC