- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 30 Apr 2014 15:04:33 +0100
- To: Nils Goroll <slink@schokola.de>
- Cc: WebAppSec WG <public-webappsec@w3.org>

On Wed, Apr 30, 2014 at 2:56 PM, Nils Goroll <slink@schokola.de> wrote:
> On 30/04/14 14:47, Anne van Kesteren wrote:
>> It is. You could terminate the request if the Origin request header
>> was not "correct".
>
> How should this work with CDNs and downstream caches?

Whether downstream caches have a copy seems like enough of a headache
for developers to not link your font inappropriately. It might
sometimes work, and sometimes not.

>> If we were to do this at this point we probably have to introduce a
>> new header or force everyone to sniff user agents for support.
>> However, there haven't been many requests for it.
>
> I don't understand how sniffing user-agents relates to this issue.

If we introduce new syntax it would break older clients (they would
not get anything).

--
http://annevankesteren.nl/

Received on Wednesday, 30 April 2014 14:05:05 UTC