Re: [whatwg/fetch] From-Origin (#687)

Some WebKittens talked about this and are agreeing on the following direction:
- Do not check ancestors
- Support same/same-site values
- Check this header for no-cors loads
- Check this header in case of redirection as well as final response
- Rename From-Origin to something like Cross-Origin-Resource-Policy or Cross-Origin-Read-Policy

Is there consensus here?

Note that, if the check fails, WebKit will fail the load. IIANM, CORB is not doing so, probably to minimize breakage risks.
Given this header is opt-in, I have a slight preference to continue raising an error.

WebKit also currently checks this header for navigation loads. Some discussion might be good to decide whether to do navigation load checks or not, cc @johnwilander.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/687#issuecomment-390325274

Received on Friday, 18 May 2018 20:37:26 UTC
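
The direction listed in the message, sketched as an added example that is not part of the original comment and is not WebKit's code. Assumptions: the header is called `Cross-Origin-Resource-Policy` (one of the candidate names above), `same` compares the response URL's origin with the requesting origin, "site" is approximated as scheme plus the last two host labels instead of a Public Suffix List lookup, unrecognised values are ignored, and modes other than `no-cors` are out of scope.

```javascript
// Added illustration; names and data shapes here are hypothetical.
const HEADER = "cross-origin-resource-policy"; // candidate name from the message

// Assumption: site = scheme + last two host labels (no Public Suffix List).
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

function originOf(url) {
  return new URL(url).origin;
}

// Check a single response (a redirect or the final one) against the requester.
function responseAllowed(requestOrigin, response) {
  const raw = response.headers[HEADER];
  if (raw === undefined) return true; // opt-in: no header means no check
  const value = raw.trim().toLowerCase();
  if (value === "same") {
    return originOf(response.url) === originOf(requestOrigin);
  }
  if (value === "same-site") {
    return siteOf(response.url) === siteOf(requestOrigin);
  }
  return true; // assumption: unrecognised values are ignored
}

// chain: every response in order, redirects first, final response last.
// Only the requesting origin is compared; ancestor frames are not consulted.
function checkLoad(request, chain) {
  if (request.mode !== "no-cors") return { ok: true, blockedAt: null };
  for (const response of chain) {
    if (!responseAllowed(request.origin, response)) {
      return { ok: false, blockedAt: response.url }; // the load fails here
    }
  }
  return { ok: true, blockedAt: null };
}

// Constructed sample: a same-site redirect followed by a "same" final response.
const sampleRequest = { mode: "no-cors", origin: "https://app.example.com" };
const sampleChain = [
  { url: "https://cdn.example.com/r", headers: { [HEADER]: "same-site" } },
  { url: "https://img.example.com/a.png", headers: { [HEADER]: "same" } },
];
console.log(checkLoad(sampleRequest, sampleChain));
```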