- From: Mike West <notifications@github.com>
- Date: Fri, 18 May 2018 01:24:59 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 18 May 2018 08:25:22 UTC
> Roughly, I think it could be part of the CORB check directly: https://fetch.spec.whatwg.org/#corb-check. Yes, sorry. I meant that pseudospec to be a new step 7 of the CORB check. Not applying to redirects would mean that redirect targets would be potentially revealed to the renderer process (at least in Blink, as we still do checks like CSP in the renderer: eventually it'll hop up to the browser, but it's a ton of work we haven't done yet). That might be a reasonable tradeoff against simplicity? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/687#issuecomment-390133892
Received on Friday, 18 May 2018 08:25:22 UTC