Re: [whatwg/fetch] COEP:credentialless and the HTTP cache. (#1253)

@annevk What I’m struggling with in your example is understanding why B isn’t guarded by the credentials flag. If the thinking is that this is some static CDN, where only A is guarded by credentials, then isn’t this “working as intended” from an HTTP semantics point of view?

From an HTTP PoV, B is explicitly saying this is OK to coalesce between users of B, right?

Where I’m going with this is trying to figure out how much NPK is trying to invent new semantics for the HTTP layer, versus being an opportunistic protection at the client. If you’d like it to be stronger, yes, we would have to define things that have semantic meaning.

-- 
View it on GitHub:
https://github.com/whatwg/fetch/issues/1253#issuecomment-894179795

Received on Friday, 6 August 2021 10:57:36 UTC