- From: Martin Thomson <notifications@github.com>
- Date: Wed, 13 Sep 2023 06:06:45 -0700
- To: w3c/push-api <push-api@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 13 September 2023 13:06:51 UTC
It is absolutely not secure to change the content type, which is not authenticated, and reinterpret the content of a message (which is raw binary) differently as a result. That creates what could turn into attacks on sites. That is why I think that we will have to make at least some revisions to the format of messages.

--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/issues/360#issuecomment-1717600347
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/push-api/issues/360/1717600347@github.com>