Idea we've been toying with: How about allowing anonymous (i.e. no credentials or cookies) cross-origin XHR/fetch? Note: This assumes additional guard rails for localhost/intranet/non-routables, plus a simple opt-out.
Replying to @lcamtuf
Well, the idea is that the enterprise would have full control over blocking via policy, in addition to any default restrictions.
3 replies 0 retweets 1 like
Replying to @justinschuh @lcamtuf
iow, poke a new hole in the SOP and rely on network admins to plug it?
6:05 PM - 18 Mar 2018
0 replies
0 retweets
2 likes