- From: Jake Archibald <notifications@github.com>
- Date: Fri, 15 Apr 2016 03:27:23 -0700
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Friday, 15 April 2016 10:27:54 UTC
In our first discussion about this, I was aware that we were leaking some credentials as B's SW was fetched via SW, but I hadn't appreciated that B could turn every no-credential request into a credential request. I'm sure @annevk made this clear at the time, but it didn't sink in. If we decide that no-credential requests are only designed to protect B and not A, this isn't a problem. It's B's cookies that are used after all. --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/878#issuecomment-210406161
Received on Friday, 15 April 2016 10:27:54 UTC