- From: Yves Lafon <notifications@github.com>
- Date: Wed, 01 Apr 2020 06:33:43 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 1 April 2020 13:33:56 UTC
To me, what might cause confusion is the deployment of extra HTTP headers, like COOP for [SecureContext=Isolation]. The text says "the page needs to", which ask for a global evaluation of the need, but I fear that some people will find recipes like "for this API to work the way you want, set COOP to this and be done" instead of figuring out if it can be done another way to preserve stricter security settings. The fact that extra parameters on [SecureContext] are per API and page modifiers per... page might be a source of confusion. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/471#issuecomment-607251951
Received on Wednesday, 1 April 2020 13:33:56 UTC