Re: [fetch] Redirect on preflighted CORS requests generally impossible (#204) from Nico Schlömer on 2016-01-26 (public-webapps-github@w3.org from January 2016)

From: Nico Schlömer <notifications@github.com>
Date: Tue, 26 Jan 2016 14:44:18 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/204/175274862@github.com>

The respective section in the [latest revision](https://fetch.spec.whatwg.org/) says:

> * Otherwise, request's redirect mode is "follow", run these substeps:
>
>   1. If request's mode is "cors", request's origin is not same origin with locationURL's origin, and locationURL includes credentials, return a network error.
>   2. If the CORS flag is set and locationURL includes credentials, return a network error.
>   3. [...]

If "locationURL includes credentials" describes URLs of the type `http(s)://username:password@example.com`, this should be fine.

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/204#issuecomment-175274862

Received on Tuesday, 26 January 2016 22:44:54 UTC