Re: [fetch] force-Origin-header flag set for no-cors requests (#91) from Takeshi Yoshino on 2015-08-06 (public-webapps-github@w3.org from August 2015)

From: Takeshi Yoshino <notifications@github.com>
Date: Wed, 05 Aug 2015 23:10:40 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/91/128261982@github.com>

I see. Then, it seems we preserve the flag when creating a Request from another Request. Hm.

Currently, Chrome sends the Origin header even on same origin requests when the method is not GET or HEAD. This seems to be conforming to the current spec for non-GET/HEAD and violating for GET/HEAD. This behavior originates from this WebKit patch made in 2008: https://bugs.webkit.org/show_bug.cgi?id=20792.

I just noticed that you have discussion at https://bugzilla.mozilla.org/show_bug.cgi?id=446344 for Firefox.

As far as I know, currently Firefox doesn't send the Origin header on same origin GET/HEAD/POST/PATCH request.

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/91#issuecomment-128261982

Received on Thursday, 6 August 2015 06:11:09 UTC