Re: [fetch] The reason why Access-Control-Request-Headers includes simple headers (#249) from Jonas Sicking on 2016-03-16 (public-webapps-github@w3.org from March 2016)

From: Jonas Sicking <notifications@github.com>
Date: Wed, 16 Mar 2016 11:18:54 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/249/197467218@github.com>

My recollection is that I implemented what the spec said at the time when the implementation was written. But that could be wrong.

Generally speaking, I think we should include the headers in `Access-Control-Request-Headers` that we require to be returned in `Access-Control-Allow-Headers`. No more and no less.

So in situations where we require `Access-Control-Allow-Headers` to contain `content-type`, we should also include it in `Access-Control-Request-Headers`.

And if we don't require `accept` in `Access-Control-Allow-Headers`, then we should also not include it in `Access-Control-Request-Headers`.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/249#issuecomment-197467218

Received on Wednesday, 16 March 2016 18:19:21 UTC