Re: [w3ctag/design-reviews] CORS Requirement for 3rd party sources in <model> tag (Issue #775) from cynthia on 2022-10-12 (public-webapps-github@w3.org from October 2022)

From: cynthia <notifications@github.com>
Date: Wed, 12 Oct 2022 08:48:43 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/775/1276394061@github.com>

> What is the reason to require it?

CORS is fundamental to the web's security model.

Having yet another special case for fetching content on the web would not only require re-inventing the security foundations that fetch already provides. On top of that, if one thinks about the long term maintainability - having yet another fetch-like feels like adding technical debt to the platform, especially given that the user benefits from what we can see aren't particularly strong.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/775#issuecomment-1276394061
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/775/1276394061@github.com>

Received on Wednesday, 12 October 2022 15:48:55 UTC