Re: [whatwg/fetch] Proposal: Allow servers to take full responsibility for cross-origin access protection (#878)

> Where did I say "opt-out is not opt-in"?

That seems like a reasonable interpretation of

> Only opt-ins can be characterised as opt-in.

> then your proposal isn't opt-in (and an opt-out is provided).

-----

> Similarly, you could frame CORS and your proposal as opt-ins or opt-outs, but they're definitely one of those, and they're both the same one.

First of all, we are following the recommended procedure at https://whatwg.org/faq#adding-new-features and thus proposing a problem that should be solved, not a solution. So "our proposal" (= a problem to be addressed) cannot be equal to "CORS" (= a solution). What we are saying is that the above use cases are not addressed by CORS, and we have received no indications of the contrary.

CORS is a method for relaxing very specific conditions of the cross-origin protection mechanism. CORS does _not_ provide a method to completely opt out of cross-origin protection (if it does, please let us know).

At this stage, it seems highly preliminary to discuss potential solutions and their drawbacks, or to argue for the non-existence of any solution. We are currently looking for arguments that prove or disprove the validity, relevance, and importance of our use cases. Only when we have agreed that they are a problem that is not addressed currently should we look into the possibility of creating and discussing solutions.


Received on Friday, 8 March 2019 18:32:44 UTC