Re: [whatwg/fetch] Redirect on preflighted CORS requests generally impossible (#204) from Anne van Kesteren on 2016-08-04 (public-webapps-github@w3.org from August 2016)

From: Anne van Kesteren <notifications@github.com>
Date: Thu, 04 Aug 2016 01:44:44 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/204/237491131@github.com>

Okay, so what I missed was that Fetch does copy this restriction after all, by setting redirect mode to "error".

@youennf pointed this out in https://github.com/whatwg/fetch/issues/198#issuecomment-236925202.

So I'm going to reopen this and then I'm going to change Fetch to not do that since we have since determined that it is secure. And with the upcoming origin-wide CORS preflights it will be relatively cheap to have redirects that require a preflight.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/204#issuecomment-237491131

Received on Thursday, 4 August 2016 09:41:48 UTC