- From: Mike West <notifications@github.com>
- Date: Tue, 22 May 2018 01:47:57 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 22 May 2018 08:48:20 UTC
> The question is, this is an acceptable data leak? It seems like the data you can infer from the error is fairly narrow: "This resource had an interesting MIME type." Are there cases where that's revealing more than we'd like? Also: if we expand the conditions under which we return a network error (e.g. by making that `From-Origin`'s behavior as well), then we further reduce the granularity of the assumptions an attacker can make. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/727#issuecomment-390912392
Received on Tuesday, 22 May 2018 08:48:20 UTC