From 3e10db87cbc797387ebf05855a71a073084d1c12 Mon Sep 17 00:00:00 2001 From: Jonathan Hao Date: Mon, 5 Feb 2024 14:36:52 +0000 Subject: [PATCH] Update security_privacy_self_review.md for exposing Origin Fixes #124 --- security_privacy_self_review.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security_privacy_self_review.md b/security_privacy_self_review.md index cc717b2..a1c2abb 100644 --- a/security_privacy_self_review.md +++ b/security_privacy_self_review.md @@ -23,6 +23,9 @@ laid out. See #41 for a discussion of these points. +Also, in the prelights we send the initiator's `Origin`. This was necessary to give servers in the private network enough information +to decide whether they should allow the requests from public. + ## 2. Is this specification exposing the minimum amount of information necessary to power the feature? Yes, apart from the above.
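Review bot: In the first added line, "prelights" should read "preflights", and in the second, "allow the requests from public" is missing its noun; something like "allow requests from the public network" reads correctly. The paragraph also gives only the justification for sending the initiator's `Origin`. Because it sits in the section on what information is exposed, and the next section's answer defers to it with "Yes, apart from the above", it would help to state the exposure itself: which party receives the `Origin` (servers in the private network) and that it is sent in the preflight, meaning before the server has decided whether to allow the request. A link to the discussion in #124, matching the existing "See #41" pointer, would let readers find the rationale.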