- From: sirdarckcat <notifications@github.com>
- Date: Sun, 19 Jul 2015 09:47:16 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Sunday, 19 July 2015 16:47:43 UTC
The argument goes as follows:

1. Many websites have open redirects (Facebook, Google, Yahoo, Outlook, etc.). Essentially everyone that uses OAuth or OIC protocols has an open redirect by design.
2. It's likely that both large and small sites will do cache-all policies. See this SW, for example: https://www.google.com/_/chrome/newtab-serviceworker.js

When developers code these SW, it's not expected for them to have to check for redirects, because it's not really intuitive, and as a result would create an XSS in that site.

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/79#issuecomment-122680226
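The redirect check that the comment above says cache-all service worker authors are unlikely to write, sketched as an added example; it is not part of the original comment and not taken from the linked Google service worker. `CACHE_NAME`, `isSafeToCache`, `cacheAll` and the sample URLs are assumptions, and the check relies on the `redirected`, `type` and `url` fields that current browsers expose on a Fetch `Response`.

```javascript
// Added example, not from the original comment. CACHE_NAME, isSafeToCache,
// cacheAll and the sample URLs are assumptions made for illustration.
const CACHE_NAME = "cache-all-v1";

// May this response be stored and later replayed for requestUrl?
// Accepts any object exposing the Fetch Response fields read below.
function isSafeToCache(requestUrl, response) {
  if (!response || !response.ok) return false;   // errors and opaque (status 0)
  if (response.type !== "basic") return false;   // keep same-origin, readable only
  if (response.redirected) return false;         // a redirect hop was followed
  if (!response.url) return false;               // final URL unknown: refuse
  // Belt and braces: the body must come from the origin that was asked for.
  return new URL(response.url).origin === new URL(requestUrl).origin;
}

// Cache-all policy: every response is returned, only safe ones are stored.
async function cacheAll(request) {
  const cache = await caches.open(CACHE_NAME);
  const hit = await cache.match(request);
  if (hit) return hit;
  const response = await fetch(request);
  if (request.method === "GET" && isSafeToCache(request.url, response)) {
    await cache.put(request, response.clone());
  }
  return response;
}

// Register the handler only when running as a service worker.
if (typeof ServiceWorkerGlobalScope !== "undefined" &&
    self instanceof ServiceWorkerGlobalScope) {
  self.addEventListener("fetch", (e) => e.respondWith(cacheAll(e.request)));
}

// Constructed samples: [requested URL, response fields as a browser reports them].
const SAMPLES = [
  ["https://site.example/app.js",
   { ok: true, type: "basic", redirected: false, url: "https://site.example/app.js" }],
  ["https://site.example/go?u=/b.js",   // same-origin redirect was followed
   { ok: true, type: "basic", redirected: true, url: "https://site.example/b.js" }],
  ["https://site.example/go?u=https://other.example/x.js",   // cors, cross-origin hop
   { ok: true, type: "cors", redirected: true, url: "https://other.example/x.js" }],
  ["https://site.example/go?u=https://other.example/x.js",   // no-cors: opaque
   { ok: false, type: "opaque", redirected: false, url: "" }],
];

function classifySamples() {
  return SAMPLES.map(([url, res]) => isSafeToCache(url, res));
}
```

Only the first constructed sample, a direct same-origin response, is accepted for caching; the three that passed through the redirect endpoint are returned to the page but never stored.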