[whatwg/fetch] Consider changing CORP to use same-site instead of schemelessly same-site (#969) from Domenic Denicola on 2019-11-19 (public-webapps-github@w3.org from November 2019)

From: Domenic Denicola <notifications@github.com>
Date: Tue, 19 Nov 2019 09:08:24 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/969@github.com>

This would entail replacing https://fetch.spec.whatwg.org/#cross-origin-resource-policy-check step 5 with a simpler

```html
 <li><p>If <var>request</var>'s <a for=request>origin</a> is <a>same site</a> with
 <var>request</var>'s <a for=request>current URL</a>'s <a for=url>origin</a>, then return
 <b>allowed</b>.
```

Some background in https://github.com/whatwg/fetch/pull/965#issuecomment-552810232 and https://github.com/whatwg/fetch/issues/687#issuecomment-395551229.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/969

Received on Tuesday, 19 November 2019 17:08:26 UTC