Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Editorial: Add guidelines for external specs about CORS, cross-origin isolation and TAO #1806

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Update fetch.bs
Co-authored-by: Dominic Farolino <domfarolino@gmail.com>
  • Loading branch information
noamr and domfarolino authored Jan 28, 2025
commit d38a22870ebb801668cee195283049d0d4862f4a
2 changes: 1 addition & 1 deletion fetch.bs
Original file line number Diff line number Diff line change
Expand Up @@ -9122,7 +9122,7 @@ read their contents.
providing a `<a http-header><code>Cross-Origin-Resource-Policy</code></a>` header (CORP). By
supplying the appropriate CORP header, a resource can opt out from being embedded by a different
site or origin. For example, this can be used to protect an image's <a>natural dimensions</a> from
being read by an embedded.
being read by an embedder.

<p>This protection is especially important when exposing powerful features to the web platform, that
gain enough access to the underlying platform to read cross-origin resources using attacks like
Expand Down