- From: Rob Buis <notifications@github.com>
- Date: Tue, 31 Mar 2020 06:39:43 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 31 March 2020 13:39:56 UTC
> Sorry, I don't have it all paged in. Looking more closely at `fetch/origin/assorted.window.js` and results in browsers it seems that they mostly _do_ include the `Origin` header for same-origin "cors" requests, despite the specification suggesting the opposite. Unfortunately it doesn't test non-POST methods as extensively. It would be good to have it confirmed that a same-origin "cors" request with method GET also includes the `Origin` header at all times. If that's the case I think we should move forward with this PR as-is. I created this to check above, let's see what happens: https://github.com/web-platform-tests/wpt/pull/22567 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1013#issuecomment-606633553
Received on Tuesday, 31 March 2020 13:39:56 UTC