- From: Jonas Sicking <notifications@github.com>
- Date: Fri, 13 Nov 2015 04:12:29 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Friday, 13 November 2015 12:14:02 UTC
I guess the question is, is this true for the entire fetch algorithm? And does fetch enable enforcing same-origin? And would simply changing workers to use fetch and not duplicate any of the security checks that fetch does cause it to not do synchronous checks? Regarding data, blink/webkit already don't do what the workers spec says. And I've not heard any plans that they will change. My recommendation has for a long time been to make fetch have an argument for "data: inherits" vs. "data: creates a unique origin". Webkit and blink use the latter policy for <iframe>s. It's something I wished that gecko did too. And the former policy is obviously needed for things like <img> and <script>. If you then combine the "data: creates a unique origin" with the "require same origin" policy that workers use, you get the behavior that webkit/blink has for workers. And the policy that I'd like to make gecko use for workers. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/161#issuecomment-156414633
Received on Friday, 13 November 2015 12:14:02 UTC