Re: [whatwg/fetch] Add TAO check (#955)

> @yoavweiss can you review this as well? 
I'll review shortly

> And in particular confirm that same-origin redirects do not require TAO headers even if they're not otherwise exposed for security reasons (well, with some caveats, it's mostly not exposed when there's multiple).

Currently we don't expose specific timing of such redirects, although we are planning to at some point. Can you elaborate on the security reasons those are not exposed in CORS?



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/955#issuecomment-549947988

Received on Tuesday, 5 November 2019 18:11:17 UTC