Re: [whatwg/fetch] Header to opt out of opaque redirect (#601)

What I linked also points to https://fetch.spec.whatwg.org/#atomic-http-redirect-handling which is also discussed earlier in the thread. Basically, the value of a `Location` header can about as sensitive as an HttpOnly cookie.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/601#issuecomment-783573576

Received on Monday, 22 February 2021 18:21:08 UTC