- From: Ben Kelly <notifications@github.com>
- Date: Thu, 02 Dec 2021 07:45:41 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 2 December 2021 15:45:54 UTC
Currently VARY is not a cors-safelisted header: https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name This means that VARY header matching in cache_storage will not work by default for cors responses. Is this intended? Servers can opt-in to exposing VARY by using `access-control-expose-headers`, but I wonder if we could/should add VARY to the cors safelist. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1365
Received on Thursday, 2 December 2021 15:45:54 UTC