Re: [w3c/FileAPI] Proposal: Add a crossOrigin option to Blob (Issue #192) from Jun on 2023-02-23 (public-webapps-github@w3.org from February 2023)

From: Jun <notifications@github.com>
Date: Thu, 23 Feb 2023 13:49:42 -0800
To: w3c/FileAPI <FileAPI@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/FileAPI/issues/192/1442475579@github.com>

> That still doesn't address the authority conflict: [#192 (comment)](https://github.com/w3c/FileAPI/issues/192#issuecomment-1427744099). I don't think we can ignore that.

What do you consider "circumvent sandboxing"?
If that means CSP restrictions, is opt-in like `frame-src blob: 'allow-unique-blob'` enough to satisfy your concern?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/FileAPI/issues/192#issuecomment-1442475579
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/FileAPI/issues/192/1442475579@github.com>

Received on Thursday, 23 February 2023 21:49:55 UTC