Re: [fetch] referrer same-origin constraint is a footgun for people trying to "copy" a Request (#245) from Anne van Kesteren on 2016-03-12 (public-webapps-github@w3.org from March 2016)

From: Anne van Kesteren <notifications@github.com>
Date: Sat, 12 Mar 2016 00:38:26 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/245/195696976@github.com>

Bad header values in CORS result in a network error. Forbidden headers throw in the Headers classd (and invalid values are accepted without question, not ignored).

I wonder what @jakearchibald and @domenic think about this.

(Note that saying this is about setter/getter is confusing, since these attributes only have a getter. You can influence what they return through the constructor, but there's a number of reasons why you cannot create all the kinds of objects a user agent can.)

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/245#issuecomment-195696976

Received on Saturday, 12 March 2016 08:38:56 UTC