Re: [whatwg/fetch] Cross-Origin-Resource-Policy (was: From-Origin) (#687) from arturjanc on 2018-06-15 (public-webapps-github@w3.org from June 2018)

From: arturjanc <notifications@github.com>
Date: Fri, 15 Jun 2018 14:10:50 +0000 (UTC)
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/687/397633281@github.com>

I looked at the spec changes in https://github.com/whatwg/fetch/pull/733 and they make sense to me. I also like @youennf's solution from https://github.com/whatwg/fetch/issues/687#issuecomment-394106967 to not relax the `same-site` restrictions to HTTP origins when loading HTTPS resources (but allow loads in the other direction).

LGTM overall for v1. I do think some developers may encounter problems during adoption due to the lack of origin-based granularity and not having sufficient visibility into who requests their resources, but this is likely something we can tackle in the future.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/687#issuecomment-397633281

Received on Friday, 15 June 2018 14:11:15 UTC