If you work on security & are interested in suborigins (https://w3c.github.io/webappsec-suborigins/ …), speak up! Browser vendors want to gauge community interest
-
-
Yeah…that was what I was getting at
. -
I’ve considered implementing the same subdomain setup for GitHub, but feel like suborigins would be the cleaner implementation long term.
-
Definitely. We also considered CSP: sandbox delivered as an HTTP header for this case, but that introduces a whole slew of other problems.
-
don't get me started; we shipped this (see http://www.dropbox.com/enterprise ) but its super hacky.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
