- From: Mike West <notifications@github.com>
- Date: Tue, 02 Mar 2021 04:32:59 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/993/c788875787@github.com>
I merged the last few months of changes in https://github.com/whatwg/fetch/pull/993/commits/f7800972676ffd16648ed401603ce3a9696a6fbe, and moved the integration out of "main fetch" and into "HTTP-network-or-cache" fetch in https://github.com/whatwg/fetch/pull/993/commits/58d9d1870d9adc2bd348033c3bf897fe38729ae2. I believe that addresses the following concerns: * We do not expose the headers to the `Request.headers` accessor in Service workers, as they're added after SW have a shot at handling the request. That should allow us to resolve https://github.com/w3c/webappsec-fetch-metadata/issues/38. * The HTTPS->HTTP->HTTPS redirect behavior described in the spec (and in WPT) should fall naturally out of this change for the same reason (we recalculate on each hop), which should allow us to resolve https://github.com/w3c/webappsec-fetch-metadata/issues/29. * We can punt the question of a more generic `Sec-*` carveout for CORS preflights, as this change ensures that headers are added after the point at which we would have send a preflight (in HTTP fetch). I've skimmed very quickly through other bugs, but nothing other than https://github.com/whatwg/html/pull/5203 jumps out at me as needing to be resolved before landing this integration. I'll try to label things accordingly if I can find some time. WDYT? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/993#issuecomment-788875787
Received on Tuesday, 2 March 2021 12:33:12 UTC