Re: [whatwg/fetch] should VARY be a cors-safelisted header? (Issue #1365) from Ben Kelly on 2021-12-03 (public-webapps-github@w3.org from December 2021)

From: Ben Kelly <notifications@github.com>
Date: Fri, 03 Dec 2021 08:23:35 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1365/985653194@github.com>

Well, I was trying to align chromium to the cache API spec where we are not supposed to look at the internal response for the vary header.  Switching to ignore vary headers seemed low risk for opaque responses, but seems more risky for CORS responses.  I'm unsure if I'll be able to align there or not.  It would simplify some things (and match my original expectations) if vary was cors safelisted.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1365#issuecomment-985653194

Received on Friday, 3 December 2021 16:23:48 UTC