Re: [w3ctag/design-reviews] CORS-RFC1918 (#572)

I filed https://github.com/WICG/private-network-access/issues/42 on user consent.

The preflight shouldn't result in new information leakage. I don't think it changes anything as far as service enumeration goes.

There is an open issue on requiring the preflight whenever you go across origins on non-public addresses, but it would likely result in significant breakage so that's not part of the initial plan.

It seems a lot of the remaining concerns are about somehow conveying the limitations of this approach clearly, though it's not clear to me if that mainly pertains to prose or also naming. (And if the latter, what better names would be.)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/572#issuecomment-818621989

Received on Tuesday, 13 April 2021 10:15:01 UTC