- From: Ehsan Akhgari <notifications@github.com>
- Date: Thu, 14 Apr 2016 14:40:04 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Thursday, 14 April 2016 21:40:34 UTC
krijnhoetmer.nl is currently inaccessible so I can't read the discussion that led to removing `only-if-cached`. I'm assuming the attack vector there was a privacy leak using this cache mode to see if an arbitrary URL has already been visited. It's unclear to me what same-origin here means exactly, as @annevk mentioned. Also, if it's about the origin actually being fetched, how is a redirect from same-origin to cross-origin and back to same-origin supposed to be handled? --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/159#issuecomment-210161642
Received on Thursday, 14 April 2016 21:40:34 UTC