- From: Titouan Rigoudy <notifications@github.com>
- Date: Wed, 14 Apr 2021 02:07:45 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 14 April 2021 09:07:58 UTC
Private Network Access is considering using structured fields for the new `Access-Control-Allow-Private-Network` header in https://github.com/WICG/private-network-access/issues/45. This header should be kept consistent with the existing `Access-Control-Allow-Credentials` header defined by the CORS protocol, since they both accept a single value: `"true"`.
It would be nice to modernize the existing ABNF-defined CORS header syntax to use structured fields instead.
To avoid backwards-incompatibility, the `Allow-Credentials` header in particular should probably be defined as a token instead of a boolean, which is unfortunate but surmountable.
It is less clear what to do with the `Access-Control-{Request,Allow}-{Method,Headers}` headers. Their syntax might be subtly different from that expected by structured fields' "list of tokens" type?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1216
Received on Wednesday, 14 April 2021 09:07:58 UTC