[whatwg/fetch] Make Cors requests not take Referrer-Policy into account (#1013) from Rob Buis on 2020-03-30 (public-webapps-github@w3.org from March 2020)

From: Rob Buis <notifications@github.com>
Date: Mon, 30 Mar 2020 02:31:20 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1013@github.com>

The test fetch/origin/assorted.window.js indicates that CORS (mode
is Cors) requests should not take Referrer-Policy into account, however
basing this on the tainting value seems to invalidate that, as same-origin
Cors fetches set tainting to Basic, not Cors, and would take
Referrer-Policy into account, so instead of tainting base Step 2
on mode.
You can view, comment on, or merge this pull request online at:

  https://github.com/whatwg/fetch/pull/1013

-- Commit Summary --

  * Make Cors requests not take Referrer-Policy into account

-- File Changes --

    M fetch.bs (2)

-- Patch Links --

https://github.com/whatwg/fetch/pull/1013.patch
https://github.com/whatwg/fetch/pull/1013.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1013

Received on Monday, 30 March 2020 09:31:33 UTC