- From: Matt Menke <notifications@github.com>
- Date: Wed, 21 Nov 2018 10:15:10 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 21 November 2018 18:15:32 UTC
MattMenke2 commented on this pull request. > + <p><a for=list>For each</a> <var>value</var> of <var>values</var>: + + <ol> + <li><p>Set <var>mimeType</var> to the result of <a lt="parse a MIME type">parsing</a> + <var>value</var>. + + <li><p>If <var>mimeType</var> is failure, then <a for=iteration>continue</a>. + + <li> + <p>If <var>mimeType</var>'s <a for="MIME type">essence</a> is not "<code>*/*</code>" or + <var>essence</var>, then: + + <ol> + <li><p>Set <var>charset</var> to null. + + <li><p>If <var>mimeType</var>'s <a for="MIME type">parameters</a>["<code>charset</code>"] The more I think about it, the more I think you're probably right that just taking the first would break too much. Seems to me like the safest way to CORS-safelist-check check the Content-Type request header would be to either check all MIME types, not just the first one, or refuse to send any but the first. That way, we wouldn't have to rely on servers implementing a fully compliant Content-Type parser. But that's perhaps getting a bit far afield. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/831#discussion_r235493583
Received on Wednesday, 21 November 2018 18:15:32 UTC