- From: Jake Archibald <notifications@github.com>
- Date: Wed, 04 Apr 2018 12:51:50 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 4 April 2018 12:53:26 UTC
@annevk I don't need a spec review for this yet as I'm still working on it, but do you think the direction is right?
Headers *objects* now carry the "allow privileged no-cors headers flag".
`new Request(request)` and `request.clone()` will preserve this flag and the headers.
`new Request(request, { method: 'post' })` (or any other init member) will not preserve the flag. If the mode is no-cors the range header will not be preserved.
Any changes to mutable headers, such as `request.headers.set('foo', 'bar')` will unset the flag and remove the range header.
The "allow privileged no-cors headers flag" will be set in the service worker when it creates the request object for the fetch event. It will be set if the mode is no-cors. My assumption is, if the request has privileged headers at this point, they must have been set by a privileged API.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/560#issuecomment-378588793
Received on Wednesday, 4 April 2018 12:53:26 UTC