- From: Mike Sidorov <notifications@github.com>
- Date: Tue, 19 Mar 2019 15:04:28 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 19 March 2019 15:04:51 UTC
According to specification beacon request `mode` is determined by `Content-Type`: if it's specified and value is CORS-safelisted - then `mode` should be `cors`, otherwise (default case) - `no-cors`. CORB specification does not state if beacon requests should be blocked but mentions that it's a helping mechanism where CORS cannot be applied. This leads to idea that when beacon request `mode` is set to `cors` request should not be blocked. So it means that response should be treated based on request data's type and that makes no sense for me. Moreover, that means server is not able to turn off CORB unless client sets correct `Content-Type` (and it shouldn't be CORS-safelisted). What about adding more controls or maybe disabling CORB for beacon requests at all (since the response cannot be used anyway)? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/882
Received on Tuesday, 19 March 2019 15:04:51 UTC