- From: Mike West <notifications@github.com>
- Date: Mon, 13 Nov 2017 10:26:14 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 13 November 2017 10:26:37 UTC
I think all of these reports are JSON. OCSP request bodies are not. I think I'd be fine with adding something like `+json` to the MIME type if that would be helpful. My main concern is to distinguish these from other kinds of JSON requests that the server might be expecting in order to mitigate the risk of CSRF, which meant getting them off `application/json` directly. But `application/report+json` seems less likely to be a problem, even for less well-behaved applications. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/621#issuecomment-343876161
Received on Monday, 13 November 2017 10:26:37 UTC