- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 07 Oct 2021 00:33:01 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 7 October 2021 07:33:13 UTC
On the topic of destination, I found #48 (context is the old destination) that gives some idea as to why we didn't want it to be developer-controlled and also (however briefly) discusses the model @asuth suggested of coupling the destination with the response (and making the response opaque in such cases) so it couldn't be abused. The simplest thing I think we could do here is to make it clear to the server that a service worker initiated the fetch. Perhaps something like Sec-Fetch-Client that'd we only use with service workers (and perhaps only for same origin requests?). Needs some more thought. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1323#issuecomment-937531021
Received on Thursday, 7 October 2021 07:33:13 UTC