Re: [whatwg/fetch] Only append Authorization if none is set (#198) from youennf on 2016-07-27 (public-webapps-github@w3.org from July 2016)

From: youennf <notifications@github.com>
Date: Wed, 27 Jul 2016 05:50:06 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/198/235574812@github.com>

It seems strange to send a piece of data which is usually scoped by the server URL.

WebKit is dropping Authorization header whenever going from a server/origin A to a server/origin B, be it custom or not. It may be readded later on for server B, following more or less step 13 of https://fetch.spec.whatwg.org/#http-network-or-cache-fetch

Not dropping this custom header will preclude sending any valid Authorization header for server B that could be computed from pre-existing authentication entries).
Instead, an Authorization header that we know is irrelevant to server B will be sent.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/198#issuecomment-235574812

Received on Wednesday, 27 July 2016 12:50:44 UTC