[webkit-dev] Request for Position: Cross-Origin-Resource-Blocking (CORB)
Patrick Griffis
pgriffis at igalia.com
Wed Mar 23 10:18:27 PDT 2022
Hi everybody,
I'd like a position on CORB and intend to implement it in the future.
This is already part of the Fetch Standard[0] and should be relatively
straightforward.
It effectively blocks cross-origin requests for resources they don't
make sense in their context. For example an `img` element should never
get a response that contains HTML and in that case will not return the
HTML data. This can prevent unintentional data leaks.
This is implemented by Chromium for years now and I don't believe will
be invasive.
[0] https://fetch.spec.whatwg.org/#corb
More information about the webkit-dev
mailing list