- From: eyeinsky <notifications@github.com>
- Date: Sun, 28 Feb 2021 12:53:19 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Sunday, 28 February 2021 20:53:32 UTC
> Yes, we want to limit the sources of those prompts to clear and actionable user interactions (e.g. navigations). This state machine gets confused from time to time. > > In theory, yes, but a number of such features exist because “in practice” this is not the case, and servers are ill-prepared (e.g. examining the message semantics while ignoring the request method used). Part of the reason for the preflight in the first place was to make sure that the server does understand the semantics and handles appropriately, and the omission of credentials prevents against confused deputy issues. If this is the case then in the long term, will non-preflighted requsts be removed entirely? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/869#issuecomment-787521138
Received on Sunday, 28 February 2021 20:53:32 UTC