- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 03 Sep 2015 05:30:10 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Thursday, 3 September 2015 12:30:54 UTC
Perhaps the best here is to instead of having this flag, we give origin a "no-origin" value that means omitting the header altogether, similar to what we do for referrer et al. Probably copying the origin from another request is okay, just not sure if we need to reset it if you change anything. I guess we should, otherwise you could circumvent XSS measures. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/91#issuecomment-137421653
Received on Thursday, 3 September 2015 12:30:54 UTC