- From: Edgar Chen <notifications@github.com>
- Date: Thu, 14 May 2020 16:42:59 -0700
- To: heycam/webidl <webidl@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 14 May 2020 23:43:12 UTC
> > ... we can have only one check: whether descendants have `[Context]` or not. > > This works for secure transport and cross-origin isolation, as the latter implies the former. Injection mitigation is currently orthogonal, evaluating whether a CSP is present, not whether the context is securely delivered. Perhaps we'd say that any contextual exposure would require secure contexts? Another point is that do we allow a interface with `SecureContext` to contain a member with `CrossOriginIsolated` or a interface with `CrossOriginIsolated` inherits from another interface with `SecureContext`? It seems they are valid use cases to me. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/heycam/webidl/pull/883#issuecomment-628942873
Received on Thursday, 14 May 2020 23:43:12 UTC