Re: [w3ctag/design-reviews] `sec-metadata` (#280)

* Splitting `document` seems potentially breaking, but I wouldn't mind trying to use `nested-document` for frames.
* I'd prefer `destination=fetch`, with no string values. `<link rel=preload as>` takes a potential destination, as defined by HTML.
* The way it relates to #76 is that #76 is about the fetcher having to know how to fetch the resource. This seems to make that worse as this allows the resource to make that much more granular (e.g., only providing a response when `destination` is `font`).
* Given that according to https://www.arturjanc.com/cross-origin-infoleaks.pdf SameSite cookies provide the same level of defense, it's unclear that it's worth the tradeoff.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/280#issuecomment-394598257

Received on Tuesday, 5 June 2018 06:39:02 UTC