Re: [whatwg/fetch] Mark Accept-* request headers as simple / safe (#326)

Isn't this proposal saying that you should be able to override CORS protections just by smuggling your header name with an `Accept-` prefix?

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/326#issuecomment-228115934

Received on Thursday, 23 June 2016 17:05:34 UTC