Re: [whatwg/fetch] COEP:credentialless and the HTTP cache. (#1253)

Fair, with multiple users there is more of a chance for an attacker to hit a false positive if there is an intermediary cache involved.

I don't think the origin server is aware of the potential issues and also, they shouldn't have to be. See all the threads about SRI caching where people assume this kind of setup to be fine. There is no way we will convince the long tail of origin servers to do the right thing. Also, they might become the attacker and start using this once other state is gone.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1253#issuecomment-894201759

Received on Friday, 6 August 2021 11:41:06 UTC