Re: [whatwg/fetch] "With Credentials" flag possibly inconsistent with web architecture (#517)

The fact that (a) there is no proposed solution yet or (b) no one in the browser implementer community is interested in fixing this doesn't mean the bug isn't a bug.

You can't write middleware which uses fetch. If you write general library code which calls fetch, it won't know whether to set credentials or not, so it will have to try with and then without, or vice versa. This increases the number of round trips in a system which already has the round trips needed for the CORS prefetch. So it is a very broken system.

A concrete proposal is for `Access-Control-Allow-Origin  PUBLIC-AND-UNCUSTOMIZED` in the server response to satisfy the client whether the request comes with authentication or not. This could be put on all open data servers, and allow the world of data mashups to return to the web.

https://github.com/whatwg/fetch/issues/517#issuecomment-609773708

Received on Monday, 6 April 2020 12:50:05 UTC
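
The round-trip cost described in the message above, as an added example that is not part of the original email: a simplified model of Fetch's CORS check run against constructed servers, with generic library code that tries with credentials and then without. The server names, the `https://app.example` origin and the handling of `PUBLIC-AND-UNCUSTOMIZED` are assumptions; that value exists only as the message's proposal.

```javascript
// Fetch's CORS check, reduced to the two response headers that matter here.
// `proposed` switches on the PUBLIC-AND-UNCUSTOMIZED value from the message;
// no specification or browser implements it (assumption for illustration).
function corsCheck(headers, requestOrigin, withCredentials, proposed = false) {
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) return false;
  if (proposed && allowOrigin === "PUBLIC-AND-UNCUSTOMIZED") return true;
  // The wildcard is honoured only when no credentials were sent.
  if (!withCredentials && allowOrigin === "*") return true;
  if (allowOrigin !== requestOrigin) return false;
  if (!withCredentials) return true;
  return headers["access-control-allow-credentials"] === "true";
}

// Constructed servers (hypothetical): response headers and whether auth is required.
const SERVERS = {
  openData: { needsAuth: false, headers: { "access-control-allow-origin": "*" } },
  privateApi: { needsAuth: true, headers: {
    "access-control-allow-origin": "https://app.example",
    "access-control-allow-credentials": "true" } },
  openDataProposed: { needsAuth: false, headers: {
    "access-control-allow-origin": "PUBLIC-AND-UNCUSTOMIZED" } },
};

// One simulated cross-origin request; true if the caller may read the response.
function attempt(server, withCredentials, proposed) {
  if (server.needsAuth && !withCredentials) return false; // unauthenticated: no data
  return corsCheck(server.headers, "https://app.example", withCredentials, proposed);
}

// Generic library code that cannot know which kind of server it is talking to:
// try with credentials first, then fall back to a request without them.
// Round trips counted here exclude any CORS preflight.
function libraryFetch(serverName, proposed = false) {
  const server = SERVERS[serverName];
  let roundTrips = 0;
  for (const withCredentials of [true, false]) {
    roundTrips += 1;
    if (attempt(server, withCredentials, proposed)) {
      return { ok: true, withCredentials, roundTrips };
    }
  }
  return { ok: false, roundTrips };
}

console.log(libraryFetch("openData"), libraryFetch("privateApi"),
  libraryFetch("openDataProposed", true));
```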