- From: Marijn Kruisselbrink <notifications@github.com>
- Date: Tue, 30 Jan 2018 19:58:30 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 31 January 2018 03:58:53 UTC
If I'm reading the spec correctly, currently the spec allows both no-cors and navigate requests to cross-origin blob URLs. I don't think that is actually what implementations do. I haven't done exhaustive testing, but at least chrome and firefox both seem to block cross origin navigate requests to blob URLs and at least some no-cors requests. So am I missing something in the spec, or is the spec actually more permissive than what implementations do? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/666
Received on Wednesday, 31 January 2018 03:58:53 UTC