Re: [whatwg/fetch] COEP:credentialless and the HTTP cache. (#1253)

I don't agree that the NPK is purely for privacy. It mitigates a number of XS-Leaks attacks. I suppose you are saying those are not mitigated (as much) if the user has a local caching proxy, which seems believable. It would be great to see more research in that area.

If anything this reads more like an argument to me that NPK should be exposed (somehow) for users with local caching proxies. (And NPK should be extended to cater for this use case.)

https://github.com/whatwg/fetch/issues/1253#issuecomment-893311169

Received on Thursday, 5 August 2021 09:31:49 UTC