- From: Boris Zbarsky <web-platform-tests-notifications@w3.org>
- Date: Wed, 08 Mar 2017 22:32:02 GMT
- To: public-web-platform-tests-notifications@w3.org
> I also think you may have introduced a same-origin policy violation in Firefox since you can't just preserve Content-Type when its value is not safelisted My change linked to aboev just preserved the "Content-Type not set" state across redirects, instead of converting it to "Content-Type set to empty string", which is what Firefox used to do before my change. It didn't change the behavior of any cases in which the header was set. Looking at Firefox code, we use the concept at https://fetch.spec.whatwg.org/#cors-safelisted-request-header to decide whether to preflight or not. I'm not sure whether we use it for anything else. Bug report is probably a good idea. That said, I see nothing in the spec about special handling of these on redirect, just in terms of checking what the preflight response looks like, right? View on GitHub: https://github.com/w3c/web-platform-tests/pull/5070#issuecomment-285191423
Received on Wednesday, 8 March 2017 22:32:15 UTC