[whatwg/fetch] CORS preflight request and window (#1242)

https://fetch.spec.whatwg.org/#cors-preflight-fetch defines _preflight_ as follows.

> Let _preflight_ be a new request whose method is `OPTIONS`, URL is _request_’s current URL, initiator is _request_’s initiator, destination is _request_’s destination, origin is _request_’s origin, referrer is _request_’s referrer, referrer policy is _request_’s referrer policy, mode is "cors", tainted origin flag is _request_’s tainted origin flag, and response tainting is "cors".
 
Note that _preflight_'s [window](https://fetch.spec.whatwg.org/#ref-for-concept-request-window) is not set, which means its value is "client". For usual requests the value is replaced with request's client or "window" in https://fetch.spec.whatwg.org/#concept-fetch, but https://fetch.spec.whatwg.org/#cors-preflight-fetch calls https://fetch.spec.whatwg.org/#concept-http-network-or-cache-fetch directly and _preflight_'s window remains "client", which is a somewhat unexpected input there.

I believe 407 should result in preflight failure, so we should set _preflight_'s [window](https://fetch.spec.whatwg.org/#ref-for-concept-request-window) to "no-window".


Received on Wednesday, 26 May 2021 09:51:38 UTC
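
The situation raised in this issue, as an added example that is not part of the original post or of the Fetch specification text: a simplified JavaScript model of a request's window being resolved in fetch, staying "client" on the preflight, and then being read by the 407 step. The object shapes, function names and returned strings are assumptions made for illustration.

```javascript
// Simplified model (assumption): only the fields and steps relevant to the issue.
const NETWORK_ERROR = "network error";

// "fetch" entry point: a window of "client" is resolved before any network
// step runs. The client shape ({ isWindow }) is hypothetical.
function resolveWindow(request) {
  if (request.window === "client") {
    request.window = request.client && request.client.isWindow
      ? request.client
      : "no-window";
  }
  return request;
}

// CORS-preflight fetch: copies the fields listed in the quoted spec text.
// window is not among them, so it keeps the default "client" unless the
// change proposed in the issue is applied.
function makePreflight(request, { applyProposedFix = false } = {}) {
  return {
    method: "OPTIONS",
    url: request.url,
    initiator: request.initiator,
    destination: request.destination,
    origin: request.origin,
    referrer: request.referrer,
    referrerPolicy: request.referrerPolicy,
    mode: "cors",
    taintedOrigin: request.taintedOrigin,
    responseTainting: "cors",
    window: applyProposedFix ? "no-window" : "client",
  };
}

// 407 branch of HTTP-network-or-cache fetch, reduced to its window check.
function handle407(request) {
  if (request.window === "no-window") return NETWORK_ERROR;
  // Reached only when the main fetch resolution step was skipped.
  if (request.window === "client") return "unexpected: unresolved window";
  return "prompt for proxy credentials";
}
```
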