On Thu, Jul 3, 2014 at 11:35 AM, Mike West <mkwst@google.com> wrote: > By "get a hold of it", I guess you mean not returning an opaque response for > known cross-origin data? And allowing things like canvas reads for images > and unsanitized error handling for script? > > *shrug* Makes sense, I suppose. If you know what the content is already, > then the risks which prevent us from letting you play with it are certainly > less pressing. Yeah I'm not sure if we should do this, really. I'm led to believe most CDNs are happy with CORS these days. But if there's still a significant fraction that is not, this might be a way out. -- http://annevankesteren.nl/Received on Thursday, 3 July 2014 09:40:01 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:39 UTC