Re: [w3ctag/design-reviews] Securer Contexts (#471)

Yves and I looked at this during our Wellington F2F. In general we're happy with the approach; our primary concerns are about how the additional secur*er* modes will be invoked. It seems like a proliferation of additional HTTP headers (COOP, COEP, et al.) and their interactions is getting to be fairly complex and will be difficult for people to reason about and deploy correctly.

While not directly part of this issue, we'd like to see some work to consolidate and harmonize the mechanisms that would trigger the different modes. E.g., can 'Isolation' be governed by a single CSP-like header, and CSP cover all of 'Injection'?



https://github.com/w3ctag/design-reviews/issues/471#issuecomment-594200412

Received on Tuesday, 3 March 2020 22:19:55 UTC