- From: Yoav Weiss <notifications@github.com>
- Date: Thu, 21 Mar 2019 02:19:27 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 21 March 2019 09:19:49 UTC
> The problem with this approach is service workers. You've now put privileged headers in a `Request` object. Trying to do anything with that `Request` object will get those headers removed due to the way the `Request` constructor operates and https://fetch.spec.whatwg.org/#concept-headers-append in particular which it invokes. My understanding going over that [constructor algorithm](https://fetch.spec.whatwg.org/#dom-request) is that: * Step 13 copies the cloned input request's header list to the new request's headers list * Step 31 creates a new `Headers` object from that headers list, which includes those `Sec-` headers. * Step 32 then appends those headers to the new `Headers` object, **[only if `init` is not empty](https://fetch.spec.whatwg.org/#ref-for-concept-headers-append%E2%91%A2)** Is that correct? If so, is that the intended behavior? I feel like adding `Sec-` to the safe list, and allowing it to be copied from the original `Request` (but not from `RequestInit`) somewhere around step 32 would have solved what we're trying to do here. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/880#issuecomment-475158427
Received on Thursday, 21 March 2019 09:19:49 UTC