- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 02 May 2017 23:53:02 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 3 May 2017 06:53:34 UTC
> Doesn't it also mean that header information (and possibly authentication information) would be exposed for those cross-origin requests? No. Only headers set by the creator of the request. > It is safe, but it seems a bit surprising to me (and I would guess devs). I'm pretty sure we discussed this model at length with @jakearchibald et al. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/535#issuecomment-298835409
Received on Wednesday, 3 May 2017 06:53:34 UTC