[fetch] The reason why Access-Control-Request-Headers includes simple headers (#249) from Takeshi Yoshino on 2016-03-16 (public-webapps-github@w3.org from March 2016)

From: Takeshi Yoshino <notifications@github.com>
Date: Wed, 16 Mar 2016 05:14:32 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/249@github.com>

/cc @mattto

IIUC, the Access-Control-Request-Headers is built by scanning all the entries in `request`'s header list's headers, and therefore it includes the names of the simple headers if any. Right?

If so, is there any reason to do so? We just found that the Firefox doesn't include them while Chrome does.

Including simple ones provide more info to the server via the preflight, but it should be not so important?

When checking the response, only request headers that are not simple are compared with the Access-Control-Allow-Headers. So, the server doesn't need to know simple ones for building the Access-Control-Allow-Headers.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/249

Received on Wednesday, 16 March 2016 12:14:59 UTC