[Editorial] Improve section 4.5 with specific mention of using CORS when retrieving target URLs #84
Description
From @hildjj at https://groups.google.com/forum/?_escaped_fragment_=msg/mozilla.dev.platform/RPu2oIc70Ug/GuZXnR1JAwAJ#!msg/mozilla.dev.platform/RPu2oIc70Ug/GuZXnR1JAwAJ
Summarized:
Section 4.5 (Limit access to protected resources) should, instead of requiring server administrators to take precautions about dealing with protected resources that their server might have access to, instead recommend using CORS to determine whether resources are public or a protected resource.