- From: Rik Cabanier <notifications@github.com>
- Date: Fri, 14 Oct 2022 09:06:00 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 14 October 2022 16:06:12 UTC
> > As @plinss mentioned, we have to do that anyway for legacy technologies like "image, video, audio, and script elements" . > No, those are very different. > If it's the same as those you'd have to use CORS as otherwise attackers can get at the data way too easily. How are those very different? if a model is not fetched with CORS, the site will not have access to its contents, just like images and video. The site *might* get the model size or the length of the main animation but otherwise won't get more information (unless the model was fetched with CORS). Sorry to be so stubborn but I would really like to know what this security risk is... -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/775#issuecomment-1279194030 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/775/1279194030@github.com>
Received on Friday, 14 October 2022 16:06:12 UTC