- From: Noam Rosenthal <notifications@github.com>
- Date: Tue, 13 Apr 2021 08:59:45 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 13 April 2021 15:59:58 UTC
> I think this is problematic as this would distinguish a CORS network error from other network errors. That they are indistinguishable is a desirable security property. > All network errors that come after the CORS check should go through `fetch finale` and receive the RT entry, which only has a start/end time. It's true that only CORS-or-after errors would receive an RT entry. Is that still too exposing? I can remove this bit for now so that we can proceed with the other issues. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1202#issuecomment-818850878
Received on Tuesday, 13 April 2021 15:59:58 UTC