Re: [whatwg/fetch] Response filter escalation (#535)

> Doesn't it also mean that header information (and possibly authentication information) would be exposed for those cross-origin requests?

No. Only headers set by the creator of the request.

> It is safe, but it seems a bit surprising to me (and I would guess devs).

I'm pretty sure we discussed this model at length with @jakearchibald et al.

https://github.com/whatwg/fetch/issues/535#issuecomment-298835409

Received on Wednesday, 3 May 2017 06:53:34 UTC