- From: Arthur Sonzogni <notifications@github.com>
- Date: Tue, 03 Aug 2021 10:20:48 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 3 August 2021 17:21:01 UTC
Thanks! I understand now. So the problem isn't proxy controlled by the website, but proxies controlled by the user (or their company). User's at risk would be the ones who have installed a local proxy and override Chrome to trust their certificates. There isn't much we can do against security vulnerabilities caused by local proxy, but the least we can do it to send them headers to do the separation correctly, even if we can't ensure they will. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1253#issuecomment-892023087
Received on Tuesday, 3 August 2021 17:21:01 UTC