[whatwg/fetch] Streaming upload and Timing-Allow-Origin (#1007) from Yutaka Hirano on 2020-03-16 (public-webapps-github@w3.org from March 2020)

From: Yutaka Hirano <notifications@github.com>
Date: Mon, 16 Mar 2020 02:16:18 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1007@github.com>

At https://github.com/whatwg/fetch/issues/966 we are talking about restricting the streaming upload feature only for certain HTTP versions (H1.1 and above, or H2 and above).

This may leak protocol versions, so we are wondering if `Timing-Allow-Origin` is needed.

On the other hand, the feature requires CORS preflight and some resource timing people talked about [a possibility that CORS implies TAO](https://groups.google.com/a/chromium.org/d/msg/loading-dev/tgx4pfmlq_I/8uLELH_0AgAJ).

@yoavweiss @npm1 What do you think?

cc: @sleevi @annevk @yoichio

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1007

Received on Monday, 16 March 2020 09:16:31 UTC