- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 07 Nov 2019 02:23:06 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 7 November 2019 10:23:08 UTC
@yoavweiss it was hidden for any secrets the `Location` header might contain (can contain login tokens for (cross-origin) resources). And I guess any header (or body) at this point. @arturjanc so it wasn't clear to me if the timing data is broken down and currently you cannot detect a second redirect to my knowledge (although maybe some other API that isn't layered appropriately broke that, forgot). None of this seems particularly scary, indeed, but I'd like to be rather clear when we reveal more networking data than previously as sometimes the combination of a number of those sidechannels leads to issues. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/955#issuecomment-551017176
Received on Thursday, 7 November 2019 10:23:08 UTC