Re: [fetch] CSP Request Header and CORS preflight fetch. (#52)

@tyoshino, in part it really depends on when the header is set. Is it set at the "feature level", the "fetch level", the "service worker level", or the "just prior to network level"?

The theoretical security problem with adding headers to the simple header list is that they can then be set to any value, thereby potentially compromising the security of a server which would not be affected otherwise (since it assumes that for logged-in users the value will always be correct). I would love to figure out what the best solution for that is. @igrigorik wants to know it too, I think. And so does @jakearchibald.

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/52#issuecomment-185608048

Received on Thursday, 18 February 2016 09:03:28 UTC
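
The concern raised in the message above, as an added example that is not part of the original thread or of the Fetch specification: a simplified model of the "does this cross-origin request need a preflight?" decision, showing how safelisting a header for any value lets page script send it unchecked, while a value-restricted entry (the way Fetch treats `Content-Type`) does not. The header name `x-example-hint`, the value `active` and all function names are assumptions made for illustration.

```javascript
// Simplified model of the preflight decision for a cross-origin request.
// Not the spec algorithm: only the method and request headers are checked.
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const anyValue = () => true;

// Safelist: lowercase header name -> predicate on the value.
// Content-Type is safelisted only for three MIME types, as in Fetch.
const BASE_SAFELIST = new Map([
  ["accept", anyValue],
  ["accept-language", anyValue],
  ["content-language", anyValue],
  ["content-type", (v) =>
    ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]
      .includes(v.split(";")[0].trim().toLowerCase())],
]);

function needsPreflight(method, headers, safelist = BASE_SAFELIST) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  return Object.entries(headers).some(([name, value]) => {
    const allowed = safelist.get(name.toLowerCase());
    return !allowed || !allowed(value);
  });
}

// Hypothetical header that a server assumes only the browser ever sets.
const HINT = "x-example-hint";
// Constructed request: script on another origin sets the header itself.
const scriptSet = { [HINT]: "value-chosen-by-page-script" };

// Variant 1: header safelisted for any value.
const openSafelist = new Map(BASE_SAFELIST).set(HINT, anyValue);
// Variant 2: header safelisted only for the value the browser would send
// (assumed here to be "active").
const strictSafelist = new Map(BASE_SAFELIST).set(HINT, (v) => v === "active");

function summary() {
  return {
    notSafelisted: needsPreflight("GET", scriptSet),                    // server gets to refuse
    openSafelisted: needsPreflight("GET", scriptSet, openSafelist),     // sent unchecked
    strictSafelisted: needsPreflight("GET", scriptSet, strictSafelist), // preflight again
    browserValue: needsPreflight("GET", { [HINT]: "active" }, strictSafelist),
  };
}

console.log(summary());
```

In either safelisted variant the server still cannot tell who set the header, so a value that arrives without a preflight should not be treated as an assertion made by the browser.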