Re: [whatwg/fetch] Let Origin header honor referrer policy for non CORS request (#908) from Junior on 2019-06-03 (public-webapps-github@w3.org from June 2019)

From: Junior <notifications@github.com>
Date: Mon, 03 Jun 2019 15:33:17 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/908/c498450982@github.com>

 >     * What is the rationale?
> 
Please see https://bugzilla.mozilla.org/show_bug.cgi?id=1504085#c7
At the beginning, we don't want to leak `Origin:` for HTTPS->HTTP cases.
And we find out `Referrer-Policy` is a good target to honor.

>     * Why is this only for non CORS requests?
Please see https://github.com/web-platform-tests/wpt/pull/15937#discussion_r270465836
Tag @annevk who might have some ideas. 


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/908#issuecomment-498450982

Received on Monday, 3 June 2019 22:33:39 UTC