- From: Titouan Rigoudy <notifications@github.com>
- Date: Fri, 13 Aug 2021 02:50:37 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 13 August 2021 09:50:50 UTC
Hi @torgo! Sorry for the late response, I was in and out of the office for a bit and dropped this. A bunch of things have changed - all in all I'd say at least half of the spec was rewritten. More specifically: The Fetch integration has been re-written to refer to the latest Fetch spec version (as opposed to a years-old version). It is much closer to a real patch, with concrete definitions, less handwavy overall. The IP address space classification has been re-worked to be simpler and drop the dependency on the IANA special address registry, per suggestions by network experts / the IETF. The secure context restriction is now specified separately from the CORS preflights, allowing a more straightforward mapping of Chromium changes to parts of the spec (I'm trying to ship the secure context restriction for subresources). The HTML integration section has been dramatically simplified by relying on the policy container work by @antosart to implement inheritance correctly. Finally, discussions of both proxy and cache handling have been significantly expanded to explain the risks and tradeoffs involved. HTH! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/572#issuecomment-898336982
Received on Friday, 13 August 2021 09:50:50 UTC