Re: [whatwg/fetch] Proposal: `Sec-Site` should capture information about the requester of a resource (#700) from Anne van Kesteren on 2018-04-16 (public-webapps-github@w3.org from April 2018)

From: Anne van Kesteren <notifications@github.com>
Date: Mon, 16 Apr 2018 16:44:20 +0000 (UTC)
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/700/381670001@github.com>

@johnwilander same-site does mean eTLD+1, but cross-origin != cross-site. What @mikewest was trying to demonstrate is that sometimes having the actual origin is useful to make decisions, even if it's same-site or cross-site. As for Origin Policy, I think folks had thoughts on removing the statefullness somehow, but no progress has been made recently. The draft as it stands today is known not to work for Safari.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/700#issuecomment-381670001

Received on Monday, 16 April 2018 16:44:47 UTC