- From: Jake Archibald <notifications@github.com>
- Date: Wed, 17 Jun 2015 04:37:54 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/66@github.com>
https://fetch.spec.whatwg.org/#dom-request step 19: > If request's redirect mode is "manual", set it to "follow". This is causing problems for service worker users doing `event.respondWith(fetch(event.request))` in the following situations: 1. Same-origin navigation resulting in same-origin redirect 2. Same-origin navigation resulting in same-origin redirect but destination url is under the scope of a different SW 3. Same-origin navigation resulting in cross-origin redirect While https://github.com/slightlyoff/ServiceWorker/issues/607 will deal with 1, it won't solve the others. * The destination response is served against the original request url, breaking relative urls * For 2, the result is controlled by the wrong service worker * For 3, the result is a network error as per https://fetch.spec.whatwg.org/#http-fetch 2.2 * For 2, it can be worked-around by checking a mismatch between `request.url` and `response.url` & returning `Response.redirect(response.url)`, but this results in a double-request * 3 cannot be worked around Could we allow manual redirects with fetch, but where the response has some degree of opaqueness for security? This would involve hiding the `location` response header at least. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/66
Received on Wednesday, 17 June 2015 11:38:22 UTC