Re: Subresource Integrity and fingerprinting

On Thu, Jan 9, 2014 at 8:16 AM, Mike West <mkwst@google.com> wrote:
> Relying on CORS assumes that any sensitive data that should be available
> cross-origin would have appropriate headers applied to any response.

It's more complicated as you need to vary the CORS headers based on
the request ("*" no longer works), but that is typically the case for
sensitive data already.


-- 
http://annevankesteren.nl/

Received on Thursday, 9 January 2014 13:20:13 UTC