- From: Jake Archibald <notifications@github.com>
- Date: Tue, 31 Mar 2020 05:51:52 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 31 March 2020 12:52:05 UTC
Possible solutions: --- Add the request method onto the response, then update the HTML spec so APIs that accept no-cors requests reject if the response is no-cors and the request method is not `GET`. --- Limit cross origin no-cors requests to `GET`. Which APIs can currently make no-cors non-navigation POST requests? `sendBeacon` is one. It isn't clear to me why that's no-cors. But, I don't know if we could change it now. If that's the only one, we could make `sendBeacon` bypass the service worker. I think it already bypasses in Chrome fwiw. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1509#issuecomment-606606887
Received on Tuesday, 31 March 2020 12:52:05 UTC