- From: Eric Portis <notifications@github.com>
- Date: Thu, 17 Jan 2019 06:55:25 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 17 January 2019 14:55:46 UTC
eeeps commented on this pull request.
> @@ -3208,23 +3208,23 @@ the request.
<dd>a suitable <a href=https://wicg.github.io/netinfo/#ect-request-header-field>ECT value</a>
</dl>
- <li><p>If the result of running
- <a href="https://wicg.github.io/feature-policy/#should-request-be-allowed-to-use-feature">Should
+ <li><p>If <var>request</var> is a cross-origin <a>subresource request</a> and the result of
I don't think we want to limit this check to cross-origin requests. The default policies for these features should certainly include 'self', and I can't really think of a use case for disabling them for 'self', but the FP spec/syntax gives authors full control over all origins, including 'self,' and I don't want this to be a weird exception to that.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/773#pullrequestreview-193664768
Received on Thursday, 17 January 2019 14:55:46 UTC