Re: [w3c/FileAPI] Proposal: Add a crossOrigin option to Blob (Issue #192) from Jun on 2023-02-24 (public-webapps-github@w3.org from February 2023)

From: Jun <notifications@github.com>
Date: Fri, 24 Feb 2023 15:21:45 -0800
To: w3c/FileAPI <FileAPI@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/FileAPI/issues/192/1444680671@github.com>

Got it. Given @annevk and @antosart both believe that opt-in is necessary, I've added an [opt-in requirement](https://github.com/shhnjk/Safe-Blob-URL/blob/main/README.md#is-there-a-way-to-block-cross-origin-blob-urls-in-iframe) for sites which enforces `frame-src` (and `default-src`).

I guess there were other naming concern about crossOrigin. Maybe `crossSite: true` or `unique: true` might be better?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/FileAPI/issues/192#issuecomment-1444680671
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/FileAPI/issues/192/1444680671@github.com>

Received on Friday, 24 February 2023 23:21:58 UTC