Re: [w3ctag/design-reviews] CORS Requirement for 3rd party sources in <model> tag (Issue #775) from Peter Linss on 2022-10-12 (public-webapps-github@w3.org from October 2022)

From: Peter Linss <notifications@github.com>
Date: Wed, 12 Oct 2022 09:32:35 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/775/1276448520@github.com>

Non-CORS resources aren't so much a 'fundamental part of the web' as legacy behavior that was implemented before all the security risks were fully understood. We unfortunately need to continue to support those to avoid breaking much of the existing content, but we'd deprecate them if we could. If we were to add image, video, audio, and script elements to the web today, we'd require CORS for those too.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/775#issuecomment-1276448520
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/775/1276448520@github.com>

Received on Wednesday, 12 October 2022 16:32:47 UTC