Re: [whatwg/fetch] CORS: why is Authorization request header forcing preflight? (#770) from Dima Voytenko on 2018-06-25 (public-webapps-github@w3.org from June 2018)

From: Dima Voytenko <notifications@github.com>
Date: Mon, 25 Jun 2018 10:23:05 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/770/400030031@github.com>

You can certainly close. But I'd really request to consider the implications here. With ITP we are moving to the world where credentialed CORS is essentially nonexistent. OAuth2 and bearer credentials in general may soon be the only reliable CORS strategy.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/770#issuecomment-400030031

Received on Monday, 25 June 2018 17:23:28 UTC