Re: [whatwg/fetch] CORB: nosniff handling (#686)

Since this only needs to apply to "no-cors", it seems changing the bit of step 5 of https://fetch.spec.whatwg.org/#concept-main-fetch that deals with "no-cors" would be more straightforward than duplicating same-origin and CORS checks. Although maybe you care about the ordering relative to CSP? In that event it seems that using request's response tainting would be easier?

What is the observable difference between an empty response and a response with some headers filtered and its body omitted? Is that mostly about Content-Type and X-Content-Type-Options or some such? And without those it would trigger an error event here and there? It would be nice if it could be more limited than allowing quite a lot of headers.

https://github.com/whatwg/fetch/pull/686#issuecomment-382761610

Received on Thursday, 19 April 2018 14:40:01 UTC
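A simplified model of the decision discussed in the comment above (gate the check on response tainting, trust the declared type when nosniff is present, then empty the body and keep only a few headers), written here as an added example; it is neither the Fetch spec's algorithm nor code from the PR. The `Response` type, the `PROTECTED` and `KEPT_HEADERS` sets and the one-line sniff check are assumptions of this example.

```python
from dataclasses import dataclass

# Simplified model of a CORB (Cross-Origin Read Blocking) filter, added for
# illustration; it is not the Fetch spec's algorithm or the PR's text. Assumptions:
# the check is gated on response tainting being "opaque" (a cross-origin "no-cors"
# fetch), the protected types are HTML/XML/JSON plus "+xml"/"+json" subtypes, and
# KEPT_HEADERS is an arbitrary choice standing in for whatever a filtered
# response is allowed to keep.
PROTECTED = {"text/html", "text/xml", "application/xml", "application/json"}
KEPT_HEADERS = {"content-type", "x-content-type-options", "access-control-allow-origin"}

@dataclass(frozen=True)
class Response:
    status: int
    headers: dict          # header names are expected lowercase
    body: bytes
    tainting: str          # "basic", "cors" or "opaque"

def mime_essence(content_type: str) -> str:
    """'text/html; charset=utf-8' -> 'text/html'."""
    return content_type.split(";", 1)[0].strip().lower()

def is_protected(essence: str) -> bool:
    return essence in PROTECTED or essence.endswith(("+xml", "+json"))

def looks_like_markup_or_json(body: bytes) -> bool:
    # Crude stand-in for CORB's confirmation sniffing, NOT the real sniffer.
    return body.lstrip()[:1] in (b"<", b"{", b"[")

def corb_should_block(resp: Response) -> bool:
    if resp.tainting != "opaque":          # same-origin or CORS-approved: nothing to hide
        return False
    content_type = resp.headers.get("content-type")
    if content_type is None or not is_protected(mime_essence(content_type)):
        return False
    nosniff = resp.headers.get("x-content-type-options", "").strip().lower() == "nosniff"
    # nosniff (or a 206 range response) means the declared type is trusted outright;
    # otherwise the body has to confirm the declared type before blocking.
    return nosniff or resp.status == 206 or looks_like_markup_or_json(resp.body)

def corb_filter(resp: Response) -> Response:
    """Return resp unchanged, or a body-less copy keeping only KEPT_HEADERS."""
    if not corb_should_block(resp):
        return resp
    kept = {k: v for k, v in resp.headers.items() if k in KEPT_HEADERS}
    return Response(resp.status, kept, b"", resp.tainting)

def headers_leaked_versus_empty(resp: Response) -> set:
    """What a filtered response still exposes that a fully empty one would not."""
    filtered = corb_filter(resp)
    return set(filtered.headers) if filtered is not resp else set()
```

`headers_leaked_versus_empty` makes the comment's question concrete: the set it returns is exactly what an observer can still learn from the filtered variant but not from an empty response.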