- From: Anne van Kesteren <notifications@github.com>
- Date: Mon, 09 Dec 2019 08:15:38 -0800
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 9 December 2019 16:15:40 UTC
There shouldn't be a COEP/CORP check for non-opaque responses (such as a CORS response). Our thinking about this so far has been that if the opaque response only holds a handle to the actual secret and there's no way for the secret to enter the content process there's no problem and no need for API changes. But I don't care strongly. cc @asutherland @perryjiang -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1490#issuecomment-563312964
Received on Monday, 9 December 2019 16:15:40 UTC