|
|
|
|
|
|
by patrickmeenan
831 days ago
|
|
|
How so? SDCH had sidechannel issues which is part of why it was unshipped. I don't know that someone won't find a way to attack it but the CORS requirement already requires that the dictionary and compressed-resource be readable and the dictionary has to be same-origin as the resources that it compresses. Combined they mitigate the known dictionary-specific attack vectors. |
|
|