- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 4 Apr 2018 13:39:26 +1000
- To: John Wilander <wilander@apple.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
> On 4 Apr 2018, at 1:22 pm, John Wilander <wilander@apple.com> wrote: > > We don’t want to cache or save specific locations since they may get stale, stateful things tend to become tracking vectors, and an HTML element sounds like a phishing injection vector. Fair enough. > We believe the three options we bring up work for most developers – serve the page straight from the URL, make an HTTP redirect, or make a client-side redirect. You don’t think so? Not at all, just exploring the space a bit. I think your arguments make sense, and the only potential downside I see is an origin that has multiple adminstrative domains -- which is a controversial topic itself, but does still pop up once in a while. Don't think it's a showstopper. > Are well-known URLs hard to support in general? Not particularly. Cheers, -- Mark Nottingham https://www.mnot.net/
Received on Wednesday, 4 April 2018 03:39:55 UTC