Re: [whatwg/fetch] Define Cross-Origin-Resource-Policy response header (#733)

youennf commented on this pull request.

PR sounds good to me, in particular:
- When the CORP check happens: it handles all responses, even intermediate ones
- CORP does apply to redirections, but not to the final response-after-redirection if it is again same origin

The one thing that might need further discussion is whether to apply CORP on preflight responses.
It seems this PR implies that CORP should be checked. WebKit does not enforce it and it makes sense to me to keep it that way.
This could for instance ease deployment strategies such as "stick that CORP: same-site header on any response".

FWIW, the WebKit patch aligning with this PR should land shortly.
I will upstream the tests we have so far to WPT.
They should be further completed by header value parsing, preflight and challenge response dedicated tests.
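The two points the review highlights (every response in a redirect chain is checked, including intermediate 3xx responses, and a final same-origin response reached through a cross-origin redirect is not blocked) modelled as a small check. This is an added example, not code from the PR, the Fetch spec or WebKit; it assumes plain JSON-like response objects, approximates "same site" by the last two host labels (a real implementation uses the public suffix list), and exposes the preflight question the review raises as an option.

```javascript
// Added example modelling the CORP check described in the review.
// Assumption: a response is { url, status, headers } with lowercase header names.

function parseCorp(headerValue) {
  if (headerValue == null) return null;
  const v = headerValue.trim().toLowerCase();
  // Unknown values are ignored rather than treated as a policy.
  return v === "same-origin" || v === "same-site" ? v : null;
}

function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Approximation of a "site": scheme plus the last two host labels.
// A real implementation must use the public suffix list (assumption).
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split(".").slice(-2).join(".")}`;
}

// Returns true when CORP blocks this single response for requestOrigin.
function corpBlocks(requestOrigin, response) {
  const policy = parseCorp(response.headers["cross-origin-resource-policy"]);
  if (policy === null) return false;
  if (originOf(response.url) === requestOrigin) return false;
  if (policy === "same-site" && siteOf(response.url) === siteOf(requestOrigin)) return false;
  return true;
}

// Applies the check to every response of a redirect chain, intermediate
// responses included, and returns the index of the first blocked response
// or -1 if the whole chain is allowed. CORP only concerns no-cors requests;
// CORS requests are gated by the CORS check instead. enforceOnPreflight is
// the open question from the review: the PR implies true, WebKit does false.
function corpCheckChain(requestOrigin, responses, opts = {}) {
  const { mode = "no-cors", isPreflight = false, enforceOnPreflight = true } = opts;
  if (mode !== "no-cors") return -1;
  if (isPreflight && !enforceOnPreflight) return -1;
  for (let i = 0; i < responses.length; i++) {
    if (corpBlocks(requestOrigin, responses[i])) return i;
  }
  return -1;
}

module.exports = { parseCorp, corpBlocks, corpCheckChain };
```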



https://github.com/whatwg/fetch/pull/733#pullrequestreview-123484794

Received on Friday, 25 May 2018 19:12:27 UTC