Re: [w3ctag/design-reviews] CORS Requirement for 3rd party sources in <model> tag (Issue #775) from Peter Linss on 2022-10-12 (public-webapps-github@w3.org from October 2022)

From: Peter Linss <notifications@github.com>
Date: Wed, 12 Oct 2022 08:54:19 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/775/1276401348@github.com>

@cabanier The issue was closed by consensus of the TAG.

The answer is that CORS is the de-facto default security mechanism of the web and there is string consensus among several groups (including the TAG) that all new mechanisms that fetch external resources should use it by default. If something new is going to be added to the platform and wants to opt-out of CORS, we feel the onus should be to justify that position.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/775#issuecomment-1276401348
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/775/1276401348@github.com>

Received on Wednesday, 12 October 2022 15:54:31 UTC