In practice, enforcing this policy is not as simple as blocking all cross-origin loads: exceptions must be established for web features, like or which can target cross-origin resources for historical reasons, and for the CORS mechanism which allows some resources to be selectively read across origins.Ĭertain types of content, however, can be shown to be incompatible with all of the historically-allowed permissive contexts. The same-origin policy generally prevents one origin from reading arbitrary network resources from another origin. Appendix: Future work - protecting more resource types.Quantifying CORB impact on existing websites.Observable CORB impact on other web platform features.Determining whether a response is CORB-protected.What types of content are protected by CORB?. ![]() What kinds of requests are CORB-eligible?.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |