[whatwg/fetch] Safelist Last-Event-ID (#568)

Per https://github.com/whatwg/html/issues/689 it can contain any header value. And it seems that a page with a cooperating server can send that header anywhere due to redirects.

Basically, use `EventSource` to open a connection. Get the server to set the ID. Then trigger a reconnection. Then when the server gets the header, redirect that request to wherever. That request to wherever will include the `Last-Event-ID` header with a value that can be controlled by the server that did the redirect.

Given that this has been the case for forever, we might as well enshrine it. (Should probably write a test to confirm though.)


Received on Thursday, 20 July 2017 12:08:24 UTC
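
For a server that reads `Last-Event-ID`, the behaviour described in this issue means the value may have been chosen by another origin's server, so it should be treated as untrusted input. The following is an added example, not code from the issue or from the Fetch or HTML specifications: a Node.js sketch in which the server only resumes from IDs it issued itself. The function names, the key and the `<seq>.<tag>` ID format are assumptions.

```javascript
// Added example: names, key handling and ID format are assumptions.
const crypto = require('node:crypto');

// Assumption: a per-deployment secret. Constructed here so the demo runs offline.
const KEY = crypto.createHash('sha256').update('constructed-demo-key').digest();

// HMAC-SHA256 over the sequence number, base64url encoded (43 characters).
const tag = (seq) =>
  crypto.createHmac('sha256', KEY).update(String(seq)).digest('base64url');

// Value the server writes into the "id:" field of each event it sends.
function issueEventId(seq) {
  return `${seq}.${tag(seq)}`;
}

// Returns the sequence number to resume from, or null when the header is
// absent, malformed, or carries a tag this server did not produce.
function resumePoint(lastEventId) {
  if (typeof lastEventId !== 'string' || lastEventId.length > 64) return null;
  const m = /^(\d{1,15})\.([A-Za-z0-9_-]{43})$/.exec(lastEventId);
  if (!m) return null;
  const expected = Buffer.from(tag(m[1]));
  const given = Buffer.from(m[2]);
  // Both buffers are 43 bytes here, as timingSafeEqual requires.
  if (!crypto.timingSafeEqual(expected, given)) return null;
  return Number(m[1]);
}
```

A valid tag shows that the ID was issued by this server, not which client is presenting it, so the handler still applies its normal authorization to the request.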