Re: [fetch] Add new Access-Control-Suppress-Headers CORS response header (#253) from Jonas Sicking on 2016-03-18 (public-webapps-github@w3.org from March 2016)

From: Jonas Sicking <notifications@github.com>
Date: Fri, 18 Mar 2016 00:28:50 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/253/198239459@github.com>

Can you provide an example of when you wouldn't want a certain header to be exposed? But you still want to send that header to the client?

I.e. if there are certain headers that you know you don't want the client to see, why send them at all?

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/253#issuecomment-198239459

Received on Friday, 18 March 2016 07:29:17 UTC