Re: [whatwg/fetch] "Set internalResponse’s CSP list" never sets it on the non-internal response? (#1002)

> So that means that every policy that might end up being backed by Origin Policy would have to be on a response? E.g., we'd have to store COOP+COEP on a response?

I mean, kind of? An origin policy itself will be on the response, since it comes with the response. And COOP + COEP will be on the response since they are response headers.

> From the link you gave it seems to be primarily about initialization of the document/worker environment which will also have access to the headers of the response and the Origin Policy, if any.

Right, they have access to the response. And via the response they can get headers and origin policy.

> I'd rather build less on top of response directly as usually this is not applicable generally (e.g., it's only for responses that end up creating globals) and it puts lots of logic in a subsystem that ultimately isn't really responsible for it.

That seems like a large architectural change from how things currently work, and at least in Chrome, our implementation matches the current response-based spec.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1002#issuecomment-590407896

Received on Monday, 24 February 2020 16:10:42 UTC