- From: arturjanc <notifications@github.com>
- Date: Fri, 27 Apr 2018 20:44:25 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 27 April 2018 20:44:49 UTC
I definitely like the idea of letting the server make decisions based on the sender of the request, but that might be a better fit for `Sec-Site` because of the legacy problems with `Referer` partly discussed in https://github.com/whatwg/fetch/issues/700#issuecomment-382762249. Specifically in this case if the application only sends `From-Origin` if there is no referrer then it's more likely that users with software that blocks/spoofs the `Referer` would break, because the site owner would not extensively test this case (since it's a behavior they wouldn't see by default). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/687#issuecomment-385089061
Received on Friday, 27 April 2018 20:44:49 UTC