Closed acomminos closed 3 years ago
@shhnjk, PTAL. Thanks!
Browser builtins (such as
performance.now()
) may still be included when invoked from cross-origin scriptProbably better to mention that this is cross-origin no-cors scripts. Not sure if there is a better term in the spec
Sounds good. Updated, thanks!
As per the results of the WebAppSec WG discussion, remove the dependency on cross-origin isolation. Update the Privacy and Security section of the spec accordingly to illustrate the security considerations made.