Re: [w3c/ServiceWorker] Introduce Cross-Origin Embedder Policy (#1516)

@annevk commented on this pull request.



>                  1. [=list/For each=] |requestResponse| of |requestResponses|:
+                    1. If |requestResponse|'s [=response/type=] is "<code>opaque</code>" and [=cross-origin resource policy check=] with |request for CORP check| and |requestResponse| returns <b>blocked</b>, then reject |promise| with a `TypeError` and abort these steps.
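
Review bot: In the added step 1, |request for CORP check| is passed to the cross-origin resource policy check, but the visible lines do not show where it is defined or which origin it carries. Define it immediately before the loop, or link to its definition, so a reader can tell what each |requestResponse| is being checked against. Because the step rejects |promise| and aborts on the first <b>blocked</b> result, a short note saying that the remaining entries of |requestResponses| are not examined would also help.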

Can we provide a better abstraction for this caller whereby you give an origin and a response and get an answer?

It's also not clear to me that the current algorithm does the right thing here as it's not using the URL from the response to compare with the request origin, but rather the URL of the request.


Received on Tuesday, 2 June 2020 13:56:17 UTC