Re: [whatwg/fetch] Specify the behavior of `COEP: credentialless`, (#1229) from Yutaka Hirano on 2021-06-10 (public-webapps-github@w3.org from June 2021)

From: Yutaka Hirano <notifications@github.com>
Date: Thu, 10 Jun 2021 08:06:15 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1229/c858702541@github.com>

> What is the main difference in between request's origin and request's client's origin?

For example, [process a nativate fetch](https://html.spec.whatwg.org/multipage/browsing-the-web.html#process-a-navigate-fetch) manually sets request's origin (step 4.1).

> Do you foresee a case where the difference matter for COEP:credentialless?

Regarding this algorithm, no. For requests with mode: "no-cors", I believe they match. In any case, request's origin is the source of truth for other checks, so using it here is better for consistency.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1229#issuecomment-858702541

Received on Thursday, 10 June 2021 15:07:59 UTC