- From: Matt Falkenhagen <notifications@github.com>
- Date: Tue, 11 Dec 2018 06:02:33 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 11 December 2018 14:03:00 UTC
This came up in a Blink [Intent to Ship](https://groups.google.com/a/chromium.org/d/msg/blink-dev/7OSy00oxVpk/siufiQVBBwAJ). HTML defines [CORS-same-origin](https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-same-origin) in a way that excludes 'error' responses. As a result, stylesheets that fail to load are considered cross-origin, so stylesheet.cssRules will throw a SecurityError. Is this the recommended way specs interpret the Fetch response type 'error', and if so why? I could imagine an alternative design we have 'error' and 'opaqueerror', where 'error' is network error from a same-origin URL and opaqueerror is a network error from a cross-origin URL. Was that type of design considered and rejected? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/848
Received on Tuesday, 11 December 2018 14:03:00 UTC