Combat Side-Channel Attacks with Cross-Origin Read Blocking
Find out what those CORB errors mean and how CORB protects your application from hardware-layer vulnerabilities.
James Weiler
when you say “…What happens if we make a cross-origin call to an image or a script that turns out not to be an image or a script at all but a JSON file containing customer credit card information or a medical record?”, are you saying this abuse case requires a web site that has no authentication and has JSON files with sensitive data available to anyone on the internet?