- From: Yoav Weiss <notifications@github.com>
- Date: Thu, 26 Apr 2018 00:54:24 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 26 April 2018 07:54:46 UTC
> It's problematic for CSP if you don't nullify it, as I've explained many times on many threads... I understand. At the same time you stated above that: > The only way to make this work is if we guard the response (make it opaque (though maybe slightly less than opaque is okay) + special destination marker) so it can only be used for its intended purpose and cannot be read from otherwise. Which seemed like a way forward > If you pass the Request object directly to event.respondWith() it's unchanged, since you don't get the response in that case. If there's already a way to get around the destination nullification than that's great. Can you point me at an example? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/717#issuecomment-384548069
Received on Thursday, 26 April 2018 07:54:46 UTC