- From: Jake Archibald <notifications@github.com>
- Date: Fri, 23 Feb 2018 14:20:43 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 23 February 2018 14:21:37 UTC
Re-reading this, I'm not happy with:
```js
const request = new Request(event.request);
request.headers.set('accept', 'foo');
```
Now the request has the range header from `event.request`, and the modified `accept` header.
The range header will be ditched when it gets copied within `fetch()`, but it feels like privileged headers should be removed if the headers are tampered with, and the guard is `"request-no-cors"`.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/560#issuecomment-368020110
Received on Friday, 23 February 2018 14:21:37 UTC