- From: Martin Thomson <notifications@github.com>
- Date: Tue, 25 Jul 2017 00:32:46 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 25 July 2017 00:33:09 UTC
I think that the general approach is fine. It's unfortunate that we created these reporting mechanisms without due consideration to this, but that's happened now and there is little sense in trying to wind it back, even if we could. My question is to what guidance we might provide to someone looking to create yet another exception. Emily has had something of a hard time with Expect-CT, which is a little unfair. If we had a clear description of the principles we intend to apply, that removes a lot of the uncertainty from this. For instance, is there any reason that we might want to describe how POST and GET are different here? As a safe method, GET is inherently much less likely to trigger unwanted side-effects. The reporting requests generally use POST. Or, what advice might we give regarding media types? A very specific media type is less likely to trigger adverse reactions from a server that doesn't expect a request, though anything based on JSON might still evade that kind of defense. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/567#issuecomment-317593573
Received on Tuesday, 25 July 2017 00:33:09 UTC