Re: [whatwg/fetch] Block subresource requests whose URLs include credentials. (#465) from youennf on 2018-01-11 (public-webapps-github@w3.org from January 2018)

From: youennf <notifications@github.com>
Date: Thu, 11 Jan 2018 15:00:31 +0000 (UTC)
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/465/c356959544@github.com>

Safari is currently supporting user info for both top resources and sub resources.
Any redirection URL is currently pruned of userinfo.

I am not sure how backward compatible it is to remove support of userinfo for things like XHR.
It seems safe to change the handling of redirections given how inconsistent the ecosystem is.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/465#issuecomment-356959544

Received on Thursday, 11 January 2018 15:01:11 UTC