- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 25 Sep 2018 00:56:43 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 25 September 2018 07:57:05 UTC
My understanding from Firefox is that a complete description of CORB would help, for implementation, for analysis, and for looking at potential further expansion. Having a non-normative description first would be a good first step. I wonder if https://mimesniff.spec.whatwg.org/ might be a good long term place. I see some potential for sharing there. E.g., if we detect a PDF, ZIP, or RAR resource we could also deny access straight away. And unless we expect CPU architecture to fix Spectre within the next five-ten years, I think we need a normative definition as well, as it defines the effective security boundary and it's good to be as clear and accurate about that as possible. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/681#issuecomment-424243734
Received on Tuesday, 25 September 2018 07:57:05 UTC