- From: Mark Nottingham <notifications@github.com>
- Date: Mon, 27 Feb 2017 16:54:07 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 28 February 2017 00:54:43 UTC
OK, but I don't see how this still isn't a concern -- a response that was fetched with credentials can be cached upstream (whether that cache is on the same box, a network proxy, a reverse proxy/CDN or an origin server cache) and reused for a request without credentials, without any knowledge by Fetch. Developers often assume that the only cache is the browser cache because TLS, but there are still CDN and origin caches, to say nothing of MitM caches. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/307#issuecomment-282906852
Received on Tuesday, 28 February 2017 00:54:43 UTC