- From: Louis Ryan <notifications@github.com>
- Date: Wed, 15 Jul 2015 09:56:50 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Wednesday, 15 July 2015 16:57:21 UTC
Proxies promoting trailers into headers is a pre-existing issue and the proposal here would do nothing to change that. I raised the issue in response to sleevi@ noting that browsers interpreting trailers may pose a new security risk simply to note that the risk already existed in another form and nothing being discussed here is addressing that issue. Relatedly no one has argued for browsers to start interpreting trailers, which would represent a new risk. Given that terrible proxies are already a feature of the internet and are already causing problems how does the proposal here make that situation any worse? Is the argument that by browsers exposing an API for trailers it will encourage their use and therefore increase the aggregate risk posed by poorly implemented, as opposed to actively malicious, plaintext proxies? --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/34#issuecomment-121678952
Received on Wednesday, 15 July 2015 16:57:21 UTC