Re: [whatwg/fetch] Proposal: `Sec-Site` should capture information about the requester of a resource (#700) from John Wilander on 2018-04-16 (public-webapps-github@w3.org from April 2018)

From: John Wilander <notifications@github.com>
Date: Mon, 16 Apr 2018 16:47:44 +0000 (UTC)
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/700/381672171@github.com>

> @johnwilander same-site does mean eTLD+1, but cross-origin != cross-site. What @mikewest was trying to demonstrate is that sometimes having the actual origin is useful to make decisions, even if it's same-site or cross-site.

Ah, got it. I misread his comment. He does imply that same-site eTLD+1.

> As for Origin Policy, I think folks had thoughts on removing the statefullness somehow, but no progress has been made recently. The draft as it stands today is known not to work for Safari.

OK. Thx.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/700#issuecomment-381672171

Received on Monday, 16 April 2018 16:48:09 UTC