Re: [whatwg/fetch] Make Cors requests not take Referrer-Policy into account (#1013) from Rob Buis on 2020-03-31 (public-webapps-github@w3.org from March 2020)

From: Rob Buis <notifications@github.com>
Date: Tue, 31 Mar 2020 05:56:14 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1013/c606609139@github.com>

> We also need to update the note above which also talks about using response tainting.

Good point, I missed it, fixed.

> Looking at [cc80ec5](https://github.com/whatwg/fetch/commit/cc80ec58d24668413b7a3c7160d9b4d83ace7b20) I wonder if we need to take both into account, as otherwise same origin requests will include the `Origin` header, which at least per the specification it has never done.

To be clear, I think we want to either fix the specification or the test, I have no big preference so just let me know what direction we will go and I can make the patch if needed.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1013#issuecomment-606609139

Received on Tuesday, 31 March 2020 12:56:27 UTC