[whatwg/fetch] Add TAO check (#955)

This adds a Timing Allow Origin (TAO) check, trying to be as close to a CORS check as possible. The check is added very close to where the CORS check is, in the HTTP fetch algorithm. It is added so that service worker responses are also checked. When the check fails, it is stored in the request (and once it fails, future redirects cannot cause it to pass). This check is similar to https://w3c.github.io/resource-timing/#dfn-timing-allow-check but the tainted bool is replaced with the tainted origin flag to align with CORS.
You can view, comment on, or merge this pull request online at:

  https://github.com/whatwg/fetch/pull/955

-- Commit Summary --

  * Add TAO check

-- File Changes --

    M fetch.bs (41)

-- Patch Links --

https://github.com/whatwg/fetch/pull/955.patch
https://github.com/whatwg/fetch/pull/955.diff


Received on Tuesday, 29 October 2019 21:14:16 UTC
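
The behaviour the pull request describes (a per-response check, a failure stored on the request that later redirects cannot undo, and an origin that serializes as "null" once the tainted origin flag is set) can be modeled as below. This is an added sketch, not the spec text from the PR, whose diff is not shown in this message. The function and field names, the same-origin shortcut, the simplified taint rule and the sample origins are all assumptions of the sketch.

```javascript
// Added sketch: a simplified model of a sticky TAO check over a redirect chain.
// Field and function names are hypothetical; origins and header values are constructed.

function serializeRequestOrigin(req) {
  // With the tainted origin flag set, the origin serializes as "null", as in a CORS check.
  return req.taintedOrigin ? "null" : req.origin;
}

function taoCheck(req, hop) {
  // Sticky: once a hop has failed, no later hop can make the check pass.
  if (req.timingAllowFailed) return false;
  // Assumption: an untainted same-origin hop needs no Timing-Allow-Origin header.
  const sameOrigin = hop.origin === req.origin && !req.taintedOrigin;
  const values = (hop.tao || "").split(",").map(v => v.trim()).filter(Boolean);
  const ok = sameOrigin || values.includes("*") ||
             values.includes(serializeRequestOrigin(req));
  if (!ok) req.timingAllowFailed = true; // the failure is stored in the request
  return ok;
}

function followChain(origin, hops) {
  const req = { origin, taintedOrigin: false, timingAllowFailed: false };
  let prev = null;
  for (const hop of hops) {
    // Simplified taint rule (assumption): a redirect that crosses origins, leaving a
    // URL that was already cross-origin to the request, sets the tainted origin flag.
    if (prev && prev.origin !== hop.origin && prev.origin !== req.origin) {
      req.taintedOrigin = true;
    }
    taoCheck(req, hop);
    prev = hop;
  }
  return !req.timingAllowFailed; // may timing details be exposed to `origin`?
}

// Constructed sample origins.
const APP = "https://app.example";
const CDN = "https://cdn.example";
const IMG = "https://img.example";

// An early failure sticks even though the final hop allows everyone.
console.log(followChain(APP, [{ origin: CDN }, { origin: IMG, tao: "*" }]));
// After tainting, naming the real origin no longer matches; "*" still does.
console.log(followChain(APP, [{ origin: CDN, tao: APP }, { origin: IMG, tao: APP }]));
console.log(followChain(APP, [{ origin: CDN, tao: APP }, { origin: IMG, tao: "*" }]));
```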