- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 07 Apr 2015 04:39:26 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Tuesday, 7 April 2015 11:39:55 UTC
The header can only be set for fetches that are same-origin or subject to CORS (with a preflight where the server needs to opt into `User-Agent`), same as all developer-set headers. If that still enables attacks I would love to see an example. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/37#issuecomment-90517461
Received on Tuesday, 7 April 2015 11:39:55 UTC