Re: [fetch] Should we send an Origin header for no-cors fetches? (#225) from Anne van Kesteren on 2016-02-28 (public-webapps-github@w3.org from February 2016)

From: Anne van Kesteren <notifications@github.com>
Date: Sun, 28 Feb 2016 03:52:13 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/225/189851618@github.com>

Note that Chrome also includes this header for "navigate" when the method is non-GET. Per @tyoshino in https://github.com/whatwg/xhr/issues/31 @hiroshige-g would look into when exactly we want to include the `Origin` header.

A better design might be to not have this flag and all and instead specify in https://fetch.spec.whatwg.org/#concept-http-network-or-cache-fetch exactly under which conditions it is to be included (request mode "cors", request mode "navigate" and request method non-GET, ...).

@jeisinger might also have thoughts on this.

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/225#issuecomment-189851618

Received on Sunday, 28 February 2016 11:52:40 UTC