- From: Anne van Kesteren <notifications@github.com>
- Date: Wed, 09 Mar 2016 06:42:44 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/237/r55527289@github.com>
> @@ -4108,9 +4136,18 @@ <h3 id="request-class"><span class="secno">6.3 </span>Request class</h3> > <code title="">credentials</code> member if it is present, and > <var>fallbackCredentials</var> otherwise. > > - <li><p>If <var>credentials</var> is non-null, set <var>request</var>'s > - <a href="#concept-request-credentials-mode" title="concept-request-credentials-mode">credentials mode</a> to > - <var>credentials</var>. > + <li><p>If <var>credentials</var> is non-null: > + > + <ol> > + <li>If <var>credentials</var> is a > + <a href="https://w3c.github.io/webappsec-credential-management/#interfaces-credential-types-passwordcredential">PasswordCredential</a>, > + set <var>request</var>'s <a href="#concept-request-credentials-mode" title="concept-request-credentials-mode">credentials mode</a> to > + "<code title="">attached-credential</code>", and <var>request</var>'s > + <a href="#concept-request-attached-credential" title="concept-request-attached-credential">attached credential</a> to We have generally deferred same-origin checks to the network layer. I don't think there's a strong reason to not do that here. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/237/files#r55527289
Received on Wednesday, 9 March 2016 14:43:14 UTC