Re: [whatwg/fetch] CORS: arbitrary blocking of accept header based on length (#862)

It's a filed bug in Firefox and Safari. MDN will be updated by @sideshowbarker as I understand it. The rationale is that the more attacker controlled bytes there are the easier it is to determine things about the resource, which the attacker may not have access to. It's a recent change as well, which is why you are running into this now.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/862#issuecomment-458125560

Received on Monday, 28 January 2019 13:12:07 UTC