Re: [w3ctag/design-reviews] User Preference Media Features Client Hints Headers (#632) from François Beaufort on 2021-06-02 (public-webapps-github@w3.org from June 2021)

From: François Beaufort <notifications@github.com>
Date: Wed, 02 Jun 2021 00:07:20 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/632/852796423@github.com>

Technically, bytes are sent to the client during the [Critical Client Hint exchange](https://github.com/WICG/client-hints-infrastructure/blob/main/reliability.md#connection-level-settings). That being said, I’m not sure how **not** sending bytes relates to the threat model. Can you explain what you mean by “evasion for phishing” and how sending the information in request headers would help malicious servers there? A concrete example would be helpful.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/632#issuecomment-852796423

Received on Wednesday, 2 June 2021 07:24:00 UTC