Re: [w3ctag/design-reviews] Migrating some high-entropy HTTP request headers to Client Hints. (#320) from Anne van Kesteren on 2018-11-05 (public-webapps-github@w3.org from November 2018)

From: Anne van Kesteren <notifications@github.com>
Date: Mon, 05 Nov 2018 05:14:07 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/320/435869240@github.com>

To what extent did you think through how this impacts CORS? As I understand it only Chrome has shipped Clients Hints and basically extended the CORS safelist of headers that can be sent cross-origin without preflight. This is specified to some extent, but there are major issues that are mostly left unaddressed. To then further build on it seems somewhat inappropriate.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/320#issuecomment-435869240

Received on Monday, 5 November 2018 13:14:28 UTC