Hi everybody, I'd like a position on CORB and intend to implement it in the future. This is already part of the Fetch Standard[0] and should be relatively straightforward.
It effectively blocks cross-origin requests for resources they don't make sense in their context. For example an `img` element should never get a response that contains HTML and in that case will not return the HTML data. This can prevent unintentional data leaks. This is implemented by Chromium for years now and I don't believe will be invasive. [0] https://fetch.spec.whatwg.org/#corb _______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev