- From: Anne van Kesteren <notifications@github.com>
- Date: Wed, 23 Mar 2016 01:16:03 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Wednesday, 23 March 2016 08:16:25 UTC
@sicking, the agreement for `Access-Control-Expose-Headers: *` does not extend to credentialed requests? I guess that makes sense. It still seems sensible to have something like `Access-Control-Exclude-Headers` (easier to spell) to me as a crude tool for the developer guarding the network boundary. Without such a tool they'd need to manually filter responses which seems a lot more error prone. --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/253#issuecomment-200239599
Received on Wednesday, 23 March 2016 08:16:25 UTC