Commit 503e3b7

Replace CORB link with Chromium explainer
CORB was removed from Fetch in 2022 and so the existing links no longer work: whatwg/fetch#1441
1 parent 7e2d1d4 commit 503e3b7

1 file changed

+7
-3
lines changed

index.bs

@@ -27,7 +27,6 @@ urlPrefix: https://html.spec.whatwg.org/; spec: HTML;
2727
text: x-frame-options; url: multipage/browsing-the-web.html#the-x-frame-options-header
2828
urlPrefix: https://fetch.spec.whatwg.org/; spec: FETCH; type: dfn
2929
text: cross-origin resource policy; url: #http-cross-origin-resource-policy
30-
text: cross-origin read blocking; url: #corb
3130
urlPrefix: https://tc39.es/ecma262/; spec: ECMA262; type: interface
3231
text: SharedArrayBuffer; url: #sec-sharedarraybuffer-objects
3332
urlPrefix: https://tools.ietf.org/html/rfc7231; spec: RFC7231; type: http-header
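Review bot: With the `cross-origin read blocking` dfn anchor dropped at old line 30, any `[=cross-origin read blocking=]` autolink still left in index.bs will no longer resolve. The two uses at old lines 250 and 277 are converted in this commit; confirm there are no others before merging.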
@@ -141,6 +140,11 @@ urlPrefix: https://fetch.spec.whatwg.org/; spec: FETCH; type: http-header
141140
"authors": [ "Artur Janc" ],
142141
"date": "2020-12"
143142
},
143+
"corb": {
144+
"href": "https://chromium.googlesource.com/chromium/src/+/HEAD/services/network/cross_origin_read_blocking_explainer.md",
145+
"title": "Cross-Origin Read Blocking (CORB)",
146+
"authors": [ "The Chromium Authors" ]
147+
},
144148
"orb": {
145149
"href": "https://github.com/annevk/orb",
146150
"title": "Opaque Response Blocking (ORB, aka CORB++)",
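Review bot: The `href` of the new `corb` entry (new line 144) points at `HEAD`, so it follows whatever sits at that path on the branch tip and will break if the explainer is moved or deleted, which is the same failure this commit fixes for the Fetch anchor. Consider a commit-pinned URL, and add a `date` field as the entry just above does.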
@@ -247,7 +251,7 @@ TL;DR {#tldr}
247251
necessary.
248252

249253
5. **Prevent MIME-type confusion attacks** and increase the robustness of passive defenses like
250-
[=cross-origin read blocking=] (CORB) /
254+
<a href="https://chromium.googlesource.com/chromium/src/+/HEAD/services/network/cross_origin_read_blocking_explainer.md">cross-origin read blocking</a> ([[CORB]]) /
251255
<a href="https://github.com/annevk/orb">opaque response blocking</a> ([[ORB]]) by setting
252256
correct `Content-Type` headers, and globally asserting `X-Content-Type-Options: nosniff`.
253257

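Review bot: New line 254 hard-codes the explainer URL in an `<a href>` and also cites `[[CORB]]`, whose biblio entry carries the same URL, so the address now lives in three places in this commit (the biblio entry, here, and new line 281). This mirrors the existing ORB pattern on the next line, but a future move of the explainer needs all three updated; letting `[[CORB]]` be the only link would keep it to one.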
@@ -274,7 +278,7 @@ seem generally applicable:
274278

275279
2. Subresources should opt-out of MIME type sniffing by sending an
276280
<a http-header>`X-Content-Type-Options`</a> header with a value of `nosniff`. This increases the
277-
robustness of MIME-based checks like [=cross-origin read blocking=] (CORB) /
281+
robustness of MIME-based checks like <a href="https://chromium.googlesource.com/chromium/src/+/HEAD/services/network/cross_origin_read_blocking_explainer.md">cross-origin read blocking</a> ([[CORB]]) /
278282
<a href="https://github.com/annevk/orb">opaque response blocking</a> ([[ORB]]), and mitigates
279283
some well-known risks around type confusion for scripts.
280284

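Review bot: New line 281 runs far past the wrap width the surrounding lines keep, because the full URL is inlined mid-sentence. Break after `like` so the `<a href=...>` starts its own line, as the ORB link on the following line does.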