[fetch] force-Origin-header flag set for no-cors requests (#91) from Takeshi Yoshino on 2015-07-23 (public-webapps-github@w3.org from July 2015)

From: Takeshi Yoshino <notifications@github.com>
Date: Thu, 23 Jul 2015 03:10:02 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/91@github.com>

Is it intentional that the "force-Origin-header flag" is set for a Request with mode set to "no-cors"? The name "force" looks like it's for overriding the default behavior. But I want to confirm with you.

This commit started using the flag for the first time.
https://github.com/whatwg/fetch/blob/4deb3ff5e7cb9d868d1f87048e641fc70c8b7928/Overview.src.html (and https://github.com/whatwg/xhr/commit/c99000a96dada32b0aed566563c759256f0b2d9a in XHR and https://github.com/whatwg/fetch/commit/a607d1828209a344e17d6e0a2f8325e547c1014f for Fetch API)

At this point, the Fetch API was not defined yet. I wonder if this flag was intended to be used by XHR for some reason... and not for the Fetch API.

----

If it's intentional, maybe "4.2.2 HTTP requests" should include some note saying that requests made using a self-created Request with mode set to no-cors includes an "Origin" header though it doesn't pertain in the CORS protocol.


---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/91

Received on Thursday, 23 July 2015 10:10:33 UTC