- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 07 Apr 2015 08:10:12 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Tuesday, 7 April 2015 15:10:41 UTC
@steike I don't understand your attack scenario. The `User-Agent` retains its default value for the majority of fetches. It is only fetches that go through `fetch()` that are potentially impacted and those are under control of the site. And cross-origin resources need to explicitly opt-in to allowing `User-Agent` headers with non-default values, but your attack does not seem to concern those. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/37#issuecomment-90602753
Received on Tuesday, 7 April 2015 15:10:41 UTC