Re: Subresource Integrity and fingerprinting

On Thu, Jan 9, 2014 at 8:16 AM, Mike West <> wrote:
> Relying on CORS assumes that any sensitive data that should be available
> cross-origin would have appropriate headers applied to any response.

It's more complicated as you need to vary the CORS headers based on
the request ("*" no longer works), but that is typically the case for
sensitive data already.


Received on Thursday, 9 January 2014 13:20:13 UTC