- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 28 Jan 2016 07:18:50 -0800
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Mike West <mkwst@google.com>, WebAppSec WG <public-webappsec@w3.org>, Marijn Kruisselbrink <mek@google.com>
On Wed, Jan 27, 2016 at 8:15 PM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> Can then we reduce this problem to one of developer education?
That was our outcome. Part of that was requiring this explicit
"visible" wrapper on the response to make it perfectly clear you are
now sharing what is in it. Exact shape TBD, but something like
event.respondWith(Response.makeVisible(fetch(...), { origin: ...,
headers: [ ... ] }))
--
https://annevankesteren.nl/
Received on Thursday, 28 January 2016 15:19:19 UTC