Re: [fetch] Add new Access-Control-Suppress-Headers CORS response header (#253)

Yes, I think the use-case is contrived. Doesn't feel common enough to add specific features for. It's even more contrived when you consider the fact that it's only useful for requests that include credentials, which is a minority use case in and of itself.

It's also supported through multiple other means:
* Use separate URI spaces for same-origin and cross-origin clients.
* Check the `Origin` header and don't output the sensitive data for cross-origin requests.
* Use some form of authentication tokens and only include the sensitive data when that token is present. Make sure to include the token for same-origin requests.

And yes, I understand that `*` and the `Suppress` header can work together. But so far the only use cases for doing so are very contrived and can be solved through multiple other means.

---
https://github.com/whatwg/fetch/issues/253#issuecomment-200013535

Received on Tuesday, 22 March 2016 20:41:41 UTC
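
The second alternative in the message above (check the `Origin` header and leave the sensitive data out of cross-origin responses), sketched as server-side logic. This is an added example, not part of the original message or of the Fetch specification; the origins, the `X-Account-Id` header and its value are hypothetical, and header names are lowercased the way Node's `http` module presents them.

```javascript
// Added example. All names and values below are constructed for illustration.
const SITE_ORIGIN = 'https://app.example';                      // the site's own origin
const ALLOWED_ORIGINS = new Set(['https://partner.example']);   // CORS allow-list
const SENSITIVE_HEADERS = { 'X-Account-Id': 'acct-0001' };      // must stay same-origin

// Classify the caller from the Origin request header.
function classifyOrigin(originHeader) {
  // Assumption: a request without Origin is not a CORS request. Browsers attach
  // Origin to every cross-origin CORS request, and responses to no-cors
  // requests are opaque, so script on another origin cannot read these headers.
  if (originHeader === undefined) return 'same-origin';
  if (originHeader === SITE_ORIGIN) return 'same-origin';
  if (ALLOWED_ORIGINS.has(originHeader)) return 'cross-origin-allowed';
  return 'cross-origin-denied'; // includes the literal origin "null"
}

// Build the response headers for one request (requestHeaders: lowercased names).
function buildResponseHeaders(requestHeaders) {
  const origin = requestHeaders.origin;
  const kind = classifyOrigin(origin);
  // The response differs by Origin, so shared caches must key on it.
  const headers = { 'Content-Type': 'application/json', 'Vary': 'Origin' };

  if (kind === 'same-origin') {
    // Only same-origin callers ever receive the sensitive header.
    Object.assign(headers, SENSITIVE_HEADERS);
  } else if (kind === 'cross-origin-allowed') {
    // Credentialed CORS needs the exact origin echoed back, not "*".
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Access-Control-Allow-Credentials'] = 'true';
  }
  // cross-origin-denied: no CORS headers, so the browser blocks the read.
  return headers;
}

// Constructed requests showing the three outcomes.
for (const h of [{ origin: SITE_ORIGIN }, { origin: 'https://partner.example' },
                 { origin: 'https://other.example' }]) {
  console.log(h.origin, '->', Object.keys(buildResponseHeaders(h)).join(', '));
}
```

Because the sensitive header is never written into a cross-origin response, nothing has to be suppressed on the client side; the `Vary: Origin` header keeps a shared cache from serving the same-origin variant to a cross-origin caller.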