- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 9 Jun 2015 06:54:04 +0200
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: "Nottingham, Mark" <mnotting@akamai.com>, Bjoern Hoehrmann <derhoermi@gmx.net>, WebAppSec WG <public-webappsec@w3.org>, WebApps WG <public-webapps@w3.org>
On Tue, Jun 9, 2015 at 6:42 AM, Martin Thomson <martin.thomson@gmail.com> wrote: > The security properties bother me a little. Alt-Svc is showing us > that we can't just define a header field like that without some > serious analysis. Same goes for a site-wide file. See crossdomain.xml. However, either coupled with "credentials mode = omit" seems okayish... Mark, do these CDN requests mention credentials? -- https://annevankesteren.nl/
Received on Tuesday, 9 June 2015 04:54:33 UTC