Re: [whatwg/fetch] Header to opt out of opaque redirect (#601)

This is starting to become a problem with single-page applications and remote authentication providers. A lot of server-side frameworks will send back a 302 in reaction to an authentication failure so the user can authenticate. If this is initiated from a fetch request we need to navigate the browser, not have the fetch follow the response.

With XMLHttpRequest we could tell the difference by inspecting the X-Requested-With header and, on the server, switch the response from 302 to another status code that isn't auto-followed. There are no "hints" in the standard that we can use to stop sending a 302, and the JavaScript cannot read the intended destination... it's lose-lose.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/601#issuecomment-502667208

Received on Monday, 17 June 2019 12:45:10 UTC
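
The workaround described in the message above, sketched as an added example (not code from the original comment or from the Fetch standard): the server answers script-initiated requests with a 401 instead of a 302, and the client validates the login URL before navigating. The `x-login-location` header, the action names and the allow-list are hypothetical, and the sample responses are constructed stand-ins for fetch `Response` objects.

```javascript
// Server side: choose the response for an unauthenticated request.
// Navigations keep the 302; requests the client marked with
// X-Requested-With get a 401, which fetch does not follow, with the
// login URL in a header the script can read (hypothetical header name).
function authFailureResponse(requestHeaders, loginUrl) {
  const marker = (requestHeaders['x-requested-with'] || '').toLowerCase();
  if (marker === 'xmlhttprequest') {
    return { status: 401, headers: { 'x-login-location': loginUrl } };
  }
  return { status: 302, headers: { location: loginUrl } };
}

// Client side: decide what to do with a response obtained via
// fetch(url, { redirect: 'manual',
//              headers: { 'X-Requested-With': 'XMLHttpRequest' } }).
function nextStep(response, allowedLoginOrigins) {
  // A 302 under redirect: 'manual' is filtered to an opaque redirect:
  // status 0 and no readable headers, so the destination is unknown.
  if (response.type === 'opaqueredirect') {
    // One option: reload so a top-level navigation receives the 302.
    return { action: 'reload' };
  }
  if (response.status !== 401) return { action: 'continue' };
  const target = response.headers.get('x-login-location');
  let url;
  try { url = new URL(target); } catch { return { action: 'reject' }; }
  // Navigate only to https origins on the allow-list, so a tampered
  // header cannot turn the login hand-off into an open redirect.
  if (url.protocol !== 'https:' || !allowedLoginOrigins.includes(url.origin)) {
    return { action: 'reject' };
  }
  return { action: 'navigate', url: url.href };
}

// Constructed sample data for running the functions offline.
const ALLOWED = ['https://login.example.com'];
const asResponse = (r) => ({
  type: 'basic', status: r.status, headers: new Map(Object.entries(r.headers)),
});
const opaque = { type: 'opaqueredirect', status: 0, headers: new Map() };
```

In a browser the caller would act on the result with `location.assign(step.url)` or `location.reload()`.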