- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 24 May 2018 01:39:01 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 24 May 2018 08:39:23 UTC
So the alternative I can think of here is that we always preserve request's origin to its initial value and instead set a tainted origin flag during redirects. We then use that flag for the `Origin` header as well as the CORS literal origin comparison. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/594#issuecomment-391635811
Received on Thursday, 24 May 2018 08:39:23 UTC