Re: [whatwg/fetch] Make Cors requests not take Referrer-Policy into account (#1013)

Sorry, I don't have it all paged in. Looking more closely at `fetch/origin/assorted.window.js` and results in browsers it seems that they mostly _do_ include the `Origin` header for same-origin "cors" requests, despite the specification suggesting the opposite. Unfortunately it doesn't test non-POST methods as extensively. It would be good to have it confirmed that a same-origin "cors" request with method GET also includes the `Origin` header at all times. If that's the case I think we should move forward with this PR as-is.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1013#issuecomment-606626171

Received on Tuesday, 31 March 2020 13:27:12 UTC