Re: [whatwg/fetch] Same-Origin policy and CORS should not be enforced on cross-origin requests where credentials is omit or same-origin (#787) from Anne van Kesteren on 2018-08-15 (public-webapps-github@w3.org from August 2018)

From: Anne van Kesteren <notifications@github.com>
Date: Wed, 15 Aug 2018 07:40:44 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/787/413218866@github.com>

I'm sorry, but you continue to misunderstand the same-origin policy and what it protects against. I've given an external pointer and I'm sure you can find more on your own. Suffice to say that it's not just about credentials and isn't really about CORS either (CORS was created to enable sharing of resources within the confines of the same-origin policy).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/787#issuecomment-413218866

Received on Wednesday, 15 August 2018 14:41:06 UTC