Re: [whatwg/fetch] Allow servers to completely opt out of current and future CORS protection (#865) from Anne van Kesteren on 2019-02-07 (public-webapps-github@w3.org from February 2019)

From: Anne van Kesteren <notifications@github.com>
Date: Thu, 07 Feb 2019 09:44:19 +0000 (UTC)
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/865/461350206@github.com>

Well, you'd need a detailed processing model, implementer support, and tests. Given that we explicitly did not want this kind of wildcard approach when we introduced CORS (it was seen as too dangerous by security teams), I somewhat doubt it'll see traction now, but perhaps. It's also not clear to me how exactly this is supposed to work as CORS affects requests too, to some extent.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/865#issuecomment-461350206

Received on Thursday, 7 February 2019 09:44:42 UTC