- From: Jake Archibald <notifications@github.com>
- Date: Tue, 28 Sep 2021 05:36:09 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/1312/c929168185@github.com>
This PR aims to allow, without requiring a preflight, CORS requests with a `Range` header similar to those the browser would send when downloading media or a resumable download.

When requesting media, browsers will typically request ranges like `bytes=123456-789012`, to target things like metadata in the resource, and `bytes=0-` for the initial media download.

When resuming the download of files, browsers will typically just use the initial range, like `bytes=123-`.

However, there are a few novel requests that this PR enables:

- Ranges outside the `Content-Length` of the resource.
- Tiny ranges, eg `bytes=123-123`. I don't think browsers do this.
- `Range` along with a `POST` request. Downloads can be initiated via a `POST` request, but browsers will not send a `Range` header in these cases.
- `Range` and `Origin` headers on a `GET` request. We already include `Origin` with `POST` requests, but not `GET` unless it's a CORS request.
- Combining `Range` with unusual values in other [safe-listed headers](https://fetch.spec.whatwg.org/#cors-safelisted-request-header), such as `accept: whatever`.

Only "ranges outside the `Content-Length` of the resource" makes me raise an eyebrow, so I'd like a second opinion on that.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1312#issuecomment-929168185
Received on Tuesday, 28 September 2021 12:36:21 UTC
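
Added example, not part of the original message or of the Fetch specification: a sketch of how a server can answer the single-range forms listed above, including a range that starts past the end of the resource and a one-byte range. `resolveRange` and its return shape are hypothetical names; serving the whole resource for forms the sketch does not handle is an assumption, and the 206/416 behaviour follows HTTP range request semantics (RFC 9110).

```javascript
// Matches only "bytes=first-last" and "bytes=first-" (one range, explicit start).
const SIMPLE_RANGE = /^bytes=(\d+)-(\d*)$/;

// Decide how to answer a Range header for a resource of `size` bytes.
// Returns { status: 200 } when the header is absent or ignored,
// { status: 416, contentRange } when the range starts past the end,
// or { status: 206, start, end, length, contentRange } otherwise.
function resolveRange(rangeHeader, size) {
  const m = typeof rangeHeader === "string"
    ? SIMPLE_RANGE.exec(rangeHeader.trim())
    : null;
  // Assumption of this sketch: suffix ranges, multiple ranges and other
  // units are ignored, which HTTP permits (the server may ignore Range).
  if (!m) return { status: 200 };

  const first = Number(m[1]);
  const openEnded = m[2] === "";
  const requestedLast = openEnded ? Infinity : Number(m[2]);

  // last < first is an invalid range-spec, so the header is ignored.
  if (requestedLast < first) return { status: 200 };

  // Start at or beyond the end of the resource: unsatisfiable.
  // Answer with the real length only; never read past the resource.
  if (first >= size) {
    return { status: 416, contentRange: `bytes */${size}` };
  }

  // An end past the resource is clamped to the final byte.
  const last = Math.min(requestedLast, size - 1);
  return {
    status: 206,
    start: first,
    end: last,
    length: last - first + 1,
    contentRange: `bytes ${first}-${last}/${size}`,
  };
}

// Constructed sample inputs against a 1000-byte resource.
for (const h of ["bytes=0-", "bytes=123-123", "bytes=5000-6000", "bytes=900-5000"]) {
  console.log(h, JSON.stringify(resolveRange(h, 1000)));
}
```
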