- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 03 Apr 2018 12:05:54 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 3 April 2018 12:06:33 UTC
Having read through https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md in more detail I wonder why it doesn't call out `fetch()` a bit more prominently. `fetch()` supports "no-cors" and therefore can get at cross-origin resources without CORS. Those resources are opaque to most callers, but it seems that special care needs to be taken to not leak them to the wrong process until explicitly called for, including when they get persisted to disk... -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/681#issuecomment-378226623
Received on Tuesday, 3 April 2018 12:06:33 UTC