[whatwg/fetch] Safelist request headers starting with `Sec-` (#880) from Yoav Weiss on 2019-03-18 (public-webapps-github@w3.org from March 2019)

From: Yoav Weiss <notifications@github.com>
Date: Mon, 18 Mar 2019 07:32:25 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/880@github.com>

As discussed with @annevk on https://github.com/w3c/resource-hints/issues/74#issuecomment-473916086, this PR makes sure that `Sec-` prefixed request headers are always CORS-safe.
You can view, comment on, or merge this pull request online at:

  https://github.com/whatwg/fetch/pull/880

-- Commit Summary --

  * safelist request headers starting with Sec-

-- File Changes --

    M fetch.bs (8)

-- Patch Links --

https://github.com/whatwg/fetch/pull/880.patch
https://github.com/whatwg/fetch/pull/880.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/880

Received on Monday, 18 March 2019 14:32:48 UTC