Re: [whatwg/fetch] fetch() doesn't properly handle errors from pre-flight responses with CORS (#443) from Anne van Kesteren on 2016-12-28 (public-webapps-github@w3.org from December 2016)

From: Anne van Kesteren <notifications@github.com>
Date: Wed, 28 Dec 2016 00:33:05 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/443/269444262@github.com>

The preflight is an ack that the server understands CORS. It never includes credentials. The server should only be concerned in the response with whether it understands CORS, nothing else. The 403 can be in the response to the actual request.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/443#issuecomment-269444262

Received on Wednesday, 28 December 2016 08:33:40 UTC