W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2015

Re: [SRI] Requiring CORS for SRI

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sat, 9 May 2015 08:40:07 +0200
Message-ID: <CADnb78hyosKEvQvMj4zqs2pDX9R=K136sHKe0MY41Fc2SFNGig@mail.gmail.com>
To: Austin William Wright <aaa@bzfx.net>
Cc: Joel Weinberger <jww@chromium.org>, Wendy Seltzer <wseltzer@w3.org>, Frederik Braun <fbraun@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
On Sat, May 9, 2015 at 8:33 AM, Austin William Wright <aaa@bzfx.net> wrote:
> Any anonymous, SRI'd request I can make to a remote server, I can proxy
> through my own server.

Actually no, you can't. That's why we have SOP.


-- 
https://annevankesteren.nl/
Received on Saturday, 9 May 2015 06:40:31 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC