- From: Lukasz Anforowicz <notifications@github.com>
- Date: Wed, 25 Apr 2018 15:27:23 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 25 April 2018 15:27:51 UTC
> @anforowicz can you explain why the "Otherwise" clause applies? That's CORS. I thought CORS was excluded? Unless I'm mistaken this should only apply to cross-origin "no-cors" loads, which is covered by "opaque" response tainting. You're right - I was confused and wrong about which clause covers what. > And yeah, I think when CORB applies you basically want to return a fresh empty response that doesn't even have an internal response to hold onto or inspect. Okay - I tried to do that by saying that before returning the response its body and header list need to be set to null/empty. -------------------------- Also - the "no-cors" request mode already excludes "navigate" mode, so I think there is no need to explicitly exclude navigational requests in the CORB algorithm - I've removed the item that talked about request destination being document/embed/object. -------------------------- And I also tried to add a note clarifying that CORB blocking needs to take place before the data reaches the cross-origin renderer process. It seems a bit clumsy (I wasn't sure how to refer to the cross-origin renderer process), but maybe this is good enough for a note. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/686#issuecomment-384328608
Received on Wednesday, 25 April 2018 15:27:51 UTC