On Wed, Jan 6, 2016 at 9:50 PM, Robert O'Callahan <rob...@ocallahan.org> wrote: > Where would you put that flag?
Simplest would be an HTTP header I suppose. > I think this has basically the same problems: very difficult to specify and > police, and fragile when the content changes. At least enforcing CORS-same-origin would be somewhat trivial from a specification perspective since all fetches go through Fetch. Limiting plugins and other affected features would be some added conditionals here and there. I don't see how content changes would have an impact since you can only change the policy through navigation at which point you'd have a new global and such anyway. -- https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform