[OAUTH-WG] Re: Browser-Based Applications - Document Shepherd Review

2024-12-17 Thread Rifaat Shekh-Yusef
Thanks Philippe! That's very helpful. I wonder if there is a way to somehow capture some of this explanation in the document to make sure implementers are clear on this issue? Otherwise, I am fine with your explanation.
Regards,
Rifaat
On Tue, Dec 17, 2024 at 11:22 AM Philippe De Ryck < phil

[OAUTH-WG] Re: Browser-Based Applications - Document Shepherd Review

2024-12-17 Thread Philippe De Ryck
> On 17 Dec 2024, at 14:58, Rifaat Shekh-Yusef wrote:
>
> Thanks Philippe!
>
> Just to make sure I understand, with regards to the following statement:
>> When the attacker manages to send such a malicious request without a
>> preflight, the server would process it,...
>
> The server will proc

[OAUTH-WG] Re: Browser-Based Applications - Document Shepherd Review

2024-12-17 Thread Rifaat Shekh-Yusef
Thanks Philippe!
Just to make sure I understand, with regards to the following statement:
> When the attacker manages to send such a malicious request without a
> preflight, the server would process it,...
The server will process it because of a bug on the server? or will it always process such

[OAUTH-WG] Re: Browser-Based Applications - Document Shepherd Review

2024-12-16 Thread Philippe De Ryck
Hi Rifaat,
Thank you for the detailed review comments. It took me a while to find some space in my schedule, but I’ve gone through them and addressed most of them in the document. There is one comment that I wanted to follow up here …
> Section 6.1.3.3.2
> I might be missing something here:
>