Re: [whatwg/fetch] Enforce CORP on "navigate" request mode (#1113)

> because Firefox doesn't seem to support CORB.

That's a little surprising. @annevk, is Firefox pushing forward on [ORB](https://github.com/annevk/orb) instead? Something in this area seems necessary.

> I think we need to do a better job of explaining what developers need to do (i.e. supply XFO AND CORP to all sensitive responses).

I think we'd be better served by spending time on changing the default behavior so that developers don't have to think about the risk unless they actually want their resources to be embeddable: https://github.com/mikewest/embedding-requires-opt-in/ is something I'd like us to do in the near future, for example. Doing the same for CORP is a huge lift, but perhaps there are alternatives I haven't thought about.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1113#issuecomment-733799610

Received on Wednesday, 25 November 2020 16:06:42 UTC