- From: Marijn Kruisselbrink <notifications@github.com>
- Date: Tue, 17 May 2016 10:29:16 -0700
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc:
Received on Tuesday, 17 May 2016 17:29:44 UTC
Hmm, yeah. Aligning with when and how the Origin header gets emitted probably makes sense. Although it does seem surprising to me that it seems that header gets emitted even for no-referrer requests? Doesn't that kind of defeat the purpose of having both `no-referrer` and `origin` referrer policies, as the origin will pretty much always be exposed anyway? Also not sure when the fetch standard actually decides not to emit the Origin header. As far as I can tell this is only done for a select few situations in the HTML spec (for downloads, plugins, and app-cache manifests or something like that)? --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/899#issuecomment-219792374
Received on Tuesday, 17 May 2016 17:29:44 UTC