- From: sleevi <notifications@github.com>
- Date: Fri, 21 Apr 2017 06:56:43 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 21 April 2017 13:57:23 UTC
@annevk Credentials matter if the concern was ambient authority bleeds - fetches *with* credentials can do more, hence cors-anonymous, which is effectively at play. I'm not sure I understand your concern or threat-model for headers, so perhaps if you could expand, I could document what implementations do. For example, are you concerned with 3P added headers or headers added by the implementation as part of processing? What is the underlying concern?

View it on GitHub: https://github.com/whatwg/fetch/issues/530#issuecomment-296197497