Re: [fetch] Navigate likely needs to be "no-cors" after all, need to update security checks (#126) from Anne van Kesteren on 2015-09-17 (public-webapps-github@w3.org from September 2015)

From: Anne van Kesteren <notifications@github.com>
Date: Thu, 17 Sep 2015 10:29:53 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/126/141160263@github.com>

So @wanderview suggested introducing "navigate" as a mode since navigation really has its own policy. We would not expose that to script, just the HTML Standard. The alternative is that security branches on both mode and destination. (Having said that, per another suggestion it might already branch on mode and redirect mode. So I'm not sure how consistent we'd be if we did that too.)

I wonder what @tyoshino et al think of that.

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/126#issuecomment-141160263

Received on Thursday, 17 September 2015 17:30:27 UTC