- From: Lukasz Anforowicz <notifications@github.com>
- Date: Mon, 07 May 2018 17:29:57 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 7 May 2018 17:30:21 UTC
anforowicz commented on this pull request. > @@ -2354,6 +2354,55 @@ X-Content-Type-Options = "nosniff" ; case-insensitive</pre> pertain to them. Also, considering "<code>image</code>" was not compatible with deployed content. +<h3 id=corb>CORB</h3> + +<p class="note">Cross-origin read blocking, better known as CORB, is an algorithm by which dubious +cross-origin resource fetches are identified and blocked before they reach a web page. CORB reduces +the risk of leaking sensitive data by keeping it further from cross-origin web pages. > `blocked before` remove double space. Done. > Is it fair to say we're "blocking fetches that would fail anyway, but blocking them earlier to reduce the risk of leaking sensitive data…" I've tried to incorporate the suggestion into the current wording. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/686#discussion_r186490833
Received on Monday, 7 May 2018 17:30:21 UTC