- From: sleevi <notifications@github.com>
- Date: Mon, 24 Apr 2017 19:48:52 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/530/296877404@github.com>
@annevk I'm asking for the basis of how you include the OS in scope but downloads/user interaction out of scope. To me, they seem the one and the same. That is, I don't question that what the browser code does in on scope, to the extent the browser is required to implement functionality X, and functionality X is not defined by some other specification. But if it is not code the browser is required to implement - whether it be because it is a function of the executing application (e.g. downloads) or of the OS (TCP FastOpen, DNS resolution, PKIX) - then I don't think it should be in scope. We see this spec/security bleed in other areas - like @mkwest with "Let localhost be localhost" - and I feel we should approach those things with fear and trembling. Every time the browser attempts to encroach on the purview of other specs, we make the platform exceptionally more complex. I don't think you'd disagree with this, but that's why I'm trying to understand where and why you feel the OS should be considered in scope. If I could try a different way of expressing it, it seems like our disagreement or debate is whether the goal is to restrict _all_ requests or simply _browser-initiated_ requests. Does that match your understanding of the discussion so far? Or is it that you think regardless of API and spec, by virtue of a request happening as part of a page load, then regardless of subsystem it constitutes _browser-initiated_? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/530#issuecomment-296877404
Received on Tuesday, 25 April 2017 02:49:27 UTC