HTTPS = "Is the response untampered & from the expected sender?"
CORS = "Can I access the content of this resource?"
CSP = "Only allow requests that look like this…"
SRI = "Only allow content that looks like this…"
CORB = "Don't allow my data into another origin's process"
— Jake Archibald (@jaffathecake) June 12, 2018
Jake Archibald hat einen interessanten Browser-Bug entdeckt.