Re: [fetch] Add new Access-Control-Suppress-Headers CORS response header (#253) from Anne van Kesteren on 2016-03-18 (public-webapps-github@w3.org from March 2016)

From: Anne van Kesteren <notifications@github.com>
Date: Fri, 18 Mar 2016 00:16:50 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/253/198235394@github.com>

@sicking @tyoshino?

I could see this as a complimentary header to AC-Expose-Headers that takes precedence in case of conflict. I'm not sure we should make them mutually exclusive. That way you can have a server-wide policy of suppressing certain debug headers, while individual resources can expose what they think is relevant and you don't have to worry about individual resources leaking too much (unless hey include the information elsewhere, but then you're already done for).

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/253#issuecomment-198235394

Received on Friday, 18 March 2016 07:17:17 UTC