Sorry for my ignorance but, in the case of Stealing cross-origin resources, I don't get the point of the attack. If have the ability to embed the image in step 1, why to not simply send this to evil.com for further processing? How it is possible for evil.com to get access to protected resources?
On Tue, Apr 25, 2017 at 8:04 PM, Ehsan Akhgari <[email protected]> wrote: > On 04/25/2017 10:25 AM, Andrew Overholt wrote: > >> On Tue, Apr 25, 2017 at 9:35 AM, Eric Rescorla <[email protected]> wrote: >> >> Going back to Jonathan's (I think) question. Does anyone use this at all >>> in >>> the field? >>> >>> Chrome's usage metrics say <= 0.0001% of page loads: >> https://www.chromestatus.com/metrics/feature/popularity#Ambi >> entLightSensorConstructor. >> > > This is the new version of the spec which we don't ship. > > > We are going to collect telemetry in >> https://bugzilla.mozilla.org/show_bug.cgi?id=1359124. >> _______________________________________________ >> dev-platform mailing list >> [email protected] >> https://lists.mozilla.org/listinfo/dev-platform >> > > _______________________________________________ > dev-platform mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-platform > -- <salva /> _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
