- From: Dima Voytenko <notifications@github.com>
- Date: Tue, 26 Jun 2018 18:26:49 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 26 June 2018 18:27:15 UTC
I'm bringing up ITP because we can reasonably anticipate that the use-cases that required proper secure access and were implemented via cookie-credentialed CORS (in other words, valid security-sensitive non-tracking use cases) would have to switch to bearer-credentialed CORS, including OAuth2. That seems to be clearly anticipated by HTTP specs in the form of "Authorization: Bearer" header. I understand, given the history, this might be losing argument, but having Web APIs essentially motivating everyone to push bearer credentials into URL query parameters seems non-ideal too. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/770#issuecomment-400416111
Received on Tuesday, 26 June 2018 18:27:15 UTC