Re: [SRI] Requiring CORS for SRI

On Wed, May 6, 2015 at 8:17 PM, Tanvi Vyas <> wrote:
> Thoughts?

Please stop poking holes in SOP. If we think SOP is no longer
appropriate we should do something about that, but we should not poke
holes in it for each new thing that comes along. For now advocating
proper use of CORS seems like better use of our time.

The specification should probably point out that for resources behind
a firewall, CORS should only be used with an origin (not *) and only
for origins that are behind the same firewall.


Received on Thursday, 7 May 2015 04:35:56 UTC