Re: [slightlyoff/ServiceWorker] Foreign fetch vs non-credentialed requests (#878)

> And letting someone setup a tracker across all sites referencing a third-party font, etc, seems quite bad, no?

How are you going to prevent that though if you still give the ability to do just that? Seems like irreconcilable goals.

And what exactly is the attack model here? If B is used everywhere and wants to track, it can already do so, with or without credentials, and even better the moment we let it run scripts.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/878#issuecomment-210543807

Received on Friday, 15 April 2016 16:51:52 UTC