- From: Henry Story <notifications@github.com>
- Date: Sun, 08 Nov 2015 03:10:04 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Sunday, 8 November 2015 11:10:32 UTC
In order to be able to sign a request such as with the proposed [HTTP Signatures spec](https://tools.ietf.org/html/draft-cavage-http-signatures-05), one would want to have access to as many of the headers as possible as they will be sent. Quite reasonably the Fetch API does not allow one to set [a list of forbidden headers](https://fetch.spec.whatwg.org/#terminology-headers). But it should allow those that can be viewed without danger to be part of the to be signed text. This function could only be executed just before the request is sent. So one needs a function in Request that allows one to access the request before it is being sent. It would be useful for the function to have access to the Request itself and the HTTP version, ie `GET / HTTP/1.1` as well as all the headers that it would be allowed to see. The function would return a set of new headers such as `Authorize: ...` that would be filtered for legal ones and appended to the request. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/156
Received on Sunday, 8 November 2015 11:10:32 UTC