Mike West

> I'm not arguing you're incorrect, @mikewest is. @mikewest is incorrect? Or @mikewest is arguing that @pwnall is incorrect? > And I'm willing to be persuaded by him that it's...

> I don't think features that would only be around for a short while are worth adding to the platform. We need to design for the long term. A relevant...

> I don't think doing both is responsible. There's a cost whenever we add to the platform. In terms of implementation, documentation, getting folks to use the API, etc. If...

1. Indeed. I look forward to chatting with more folks on the topic! 2. I don't agree. Like, at all. :) Given the timelines we're looking at (and the complexity...

> Is it possible to create an API that is useful both for cookies in the short term and for whatever people are considering to replace them in the long...

After a few conversations with @camillelamy and @arturjanc, I wonder if we could take an alternate approach to those proposed above by hardening `COOP: same-origin-allow-popups` until we considered it solid...

> To be clear, even if the top-level window is cross-origin, that doesn't mean that all agent clusters "in that window" are. Yes, I should have been more clear about...

/cc @csreis, as he's concerned about the same issue Anne noted.

I would not be sad if we blocked redirect responses based on their MIME types. That said, I think we'd need to gather some data to determine how web-compatible it...

If I understand the proposal correctly, this would have the effect of disabling meaningful access controls for resources that `.onion` pages wish to access (since any cross-origin response to a...