- From: Mike West <notifications@github.com>
- Date: Thu, 16 Mar 2017 01:14:46 -0700
- To: w3c/FileAPI <FileAPI@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 16 March 2017 08:15:19 UTC
I see. `sandbox` isn't enough because you're worried about potentially opening the blob in a top-level context where you don't have control, and can't send headers. I wonder if it would be reasonable to have a more general solution by allowing the developer to attach headers to the blob at creation time which would be delivered along with the blob when it's loaded. That would solve a different problem whereby folks can bypass CSP by creating a blob and navigating to it in a top-level context. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/FileAPI/issues/74#issuecomment-286986384
Received on Thursday, 16 March 2017 08:15:19 UTC