Re: [whatwg/fetch] Let Origin header honor referrer policy for non CORS request (#908) from Junior on 2019-05-30 (public-webapps-github@w3.org from May 2019)

From: Junior <notifications@github.com>
Date: Wed, 29 May 2019 17:30:40 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/908/c497156274@github.com>

> I think we should only take this into account when setting the `Origin` header, otherwise it will also affect various CORS algorithms and that does not seem like the right thing to do.
Okay, it's fair. 
> 
> Also, for some cross-origin navigation requests the `Origin` header was always `null` per the tests, right? That also needs to be reflected somehow.
For form POST navigation, 
(a) the redirect case is covered with `tainted origin flag`
(b) other cases are all the same with non-CORS fetch

Was I missing something?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/908#issuecomment-497156274

Received on Thursday, 30 May 2019 00:31:03 UTC