- From: roryhewitt <notifications@github.com>
- Date: Fri, 06 Oct 2017 18:35:26 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 6 October 2017 18:36:01 UTC
Currently, the fetch spec defines **credentials** as follows:

> Credentials are HTTP cookies, TLS client certificates, and authentication entries.

with **authentication entries** further defined as follows:

> An authentication entry and a proxy-authentication entry are tuples of username, password, and realm, associated with one or more requests.

Two questions have been raised by my customers:

- From a real-world perspective, when server developers add `Access-Control-Allow-Credentials` they're thinking of cookies and maybe the `Authorization` request header. Is there a comprehensive list of other authentication entries?
- What is the process (if any) of specifying whether any new headers etc. should be added to the list of authentication entries?

When I checked the fetch spec example https://fetch.spec.whatwg.org/#example-cors-with-credentials (which I originally wrote, with editing by @annevk!) it uses the obvious example of `Set-Cookie` headers being ignored.

Interested to know what other cases might apply. From a server-developer POV, what else would be ignored in the response - everything?

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/612