- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 18 Jun 2015 21:05:11 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Friday, 19 June 2015 04:05:38 UTC
I guess we could have some header that indicates it's okay to surface the redirect to script. Combined with setting the redirect mode to manual that would allow surfacing it then... (And if the redirect is on another origin it would also need to specify CORS headers, of course.) If we want this that should probably be a separate issue. @jakearchibald had a point that if it's okay to expose a redirect as an opaque response you're already pretty far in knowing it's a redirect, except that you don't know where it goes (or what it contains). Would be great to have security review for this. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/66#issuecomment-113359737
Received on Friday, 19 June 2015 04:05:38 UTC