- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 19 Sep 2017 07:24:39 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 19 September 2017 14:25:01 UTC
I guess it is somewhat, indeed. Though no-cors reveals response vs error, but does not reveal CORS error. And a response to a CORS request to the same URL could be different from no-cors due to the additional request header. So you'd still have additional leakage. And if you're planning on using the new hooks we'd have to evaluate if that usage doesn't reveal anything new either. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/605#issuecomment-330556556
Received on Tuesday, 19 September 2017 14:25:01 UTC