- From: Jxck <notifications@github.com>
- Date: Thu, 18 Jul 2019 03:35:28 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 18 July 2019 10:35:51 UTC
@annevk ok, my question of risk means allowing sub-origin (subdomain of `https://example.com`) in access-control-allow-origin rather than specify single origin (just `https://example.com`). and you mean there are reasonable to allow them, but notation of `https://*.example.com` is hard to standardize (parsing/matching model etc). but `samesite` has [done](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00) them already, so it's possible to use them instead of `https://*.example.com` notation. is that right ? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/890#issuecomment-512761925
Received on Thursday, 18 July 2019 10:35:51 UTC