- From: Yoav Weiss <notifications@github.com>
- Date: Fri, 24 Aug 2018 01:33:20 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 24 August 2018 08:33:42 UTC
Not extending the safelist for UA generated values would add a significant cost to introducing any new request headers. That makes little sense. (For both CH as well as other UA generated headers. e.g. `upgrade-insecure-requests`). Preflights don't come for free, and we should carefully consider the (infinitesimal IMO) risk of sending newly-introduced UA generated headers (with value restrictions) to servers vs. the certainty of inflicting performance pain on all/many users as a result. /cc @mikewest -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/800#issuecomment-415691782
Received on Friday, 24 August 2018 08:33:42 UTC