[whatwg/fetch] Add `Last-Event-ID` as CORS-safelisted request-header (#597) from Anne van Kesteren on 2017-09-04 (public-webapps-github@w3.org from September 2017)

From: Anne van Kesteren <notifications@github.com>
Date: Mon, 04 Sep 2017 10:33:12 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/597@github.com>

It turns out that you can set the Last-Event-ID request header to arbitrary values and get it across origins. That seems like sufficient reason to safelist it and hopefully make it clear to server administrators to pay extra attention to this header.

Tests: ...

Fixes #568.
You can view, comment on, or merge this pull request online at:

  https://github.com/whatwg/fetch/pull/597

-- Commit Summary --

  * Add `Last-Event-ID` as CORS-safelisted request-header

-- File Changes --

    M fetch.bs (1)

-- Patch Links --

https://github.com/whatwg/fetch/pull/597.patch
https://github.com/whatwg/fetch/pull/597.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/597

Received on Monday, 4 September 2017 17:33:38 UTC