23 Mar 2022, 5:18 p.m.
Hi everybody, I'd like a position on CORB and intend to implement it in the future. This is already part of the Fetch Standard[0] and should be relatively straightforward. It effectively blocks cross-origin requests for resources that don't make sense in their context. For example, an `img` element should never get a response that contains HTML, and in that case it will not return the HTML data. This can prevent unintentional data leaks. This has been implemented by Chromium for years now and I don't believe it will be invasive.

[0] https://fetch.spec.whatwg.org/#corb
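
The kind of check the message above describes, as an added example that is not part of the original post or of any browser's code: a simplified, header-only model of a CORB-style decision, loosely following the Fetch Standard section linked as [0]. The request/response object shapes, function names and sample URLs are assumptions, and the caller is assumed to invoke it only for cross-origin no-cors requests.

```javascript
// Added example: simplified, header-only model of a CORB-style check.
// Object shapes and function names are assumptions for illustration. The caller
// is assumed to invoke corbCheck only for cross-origin, no-cors requests.

// Reduce a Content-Type header to "type/subtype", or null if unusable.
function essence(contentType) {
  if (typeof contentType !== "string") return null;
  const e = contentType.split(";")[0].trim().toLowerCase();
  return /^[^\s\/]+\/[^\s\/]+$/.test(e) ? e : null;
}

// HTML, JSON and XML types are protected; SVG is XML but a valid image response.
function isCorbProtected(type) {
  if (type === "image/svg+xml") return false;
  const html = type === "text/html";
  const json = type === "application/json" || type === "text/json" || type.endsWith("+json");
  const xml = type === "application/xml" || type === "text/xml" || type.endsWith("+xml");
  return html || json || xml;
}

function corbCheck(request, response) {
  if (request.initiator === "download") return "allowed";
  const scheme = new URL(request.url).protocol;
  if (scheme !== "http:" && scheme !== "https:") return "allowed";
  const type = essence(response.headers["content-type"]);
  if (type === null) return "allowed"; // no usable MIME type to judge by
  // A partial response of a protected type could be used to read it piecemeal.
  if (response.status === 206 && isCorbProtected(type)) return "blocked";
  const xcto = (response.headers["x-content-type-options"] || "").trim().toLowerCase();
  if (xcto === "nosniff" && (isCorbProtected(type) || type === "text/plain")) return "blocked";
  return "allowed"; // header-only model: nothing is sniffed from the body
}

// Constructed samples: an <img> fetching a cross-origin URL in no-cors mode.
const imgRequest = { url: "https://other.example/profile", initiator: "" };
const samples = {
  htmlNosniff: { status: 200, headers: { "content-type": "text/html; charset=utf-8", "x-content-type-options": "nosniff" } },
  htmlNoHeader: { status: 200, headers: { "content-type": "text/html" } },
  jsonRange: { status: 206, headers: { "content-type": "application/json" } },
  png: { status: 200, headers: { "content-type": "image/png", "x-content-type-options": "nosniff" } },
  svg: { status: 200, headers: { "content-type": "image/svg+xml", "x-content-type-options": "nosniff" } },
};
for (const [name, res] of Object.entries(samples)) {
  console.log(name, corbCheck(imgRequest, res));
}
```

In this header-only model the HTML response without `X-Content-Type-Options: nosniff` is allowed through, so servers that want the protection for HTML, JSON or XML should send that header alongside an accurate `Content-Type`.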