[whatwg/fetch] same-origin/cors requests and opaqueredirect (#1145) from Ben Kelly on 2021-01-22 (public-webapps-github@w3.org from January 2021)

From: Ben Kelly <notifications@github.com>
Date: Fri, 22 Jan 2021 07:14:44 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1145@github.com>

I'm sorry if we've discussed this before, but what is the motivation for hiding manual redirect responses for same-origin/cors requests behind an opaqueredirect filtered response?  It seems for same-origin and cors it should be ok to know the status and location header.

For additional context, hiding the data in an opaque-style response has additional costs when stored in the cache API.  To avoid leaking information through the storage.estimate() API generally these responses have to be padded out with a large amount of quota space.  This seems very punitive for same-origin and cors responses.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1145

Received on Friday, 22 January 2021 15:14:57 UTC