- From: Noam Rosenthal <notifications@github.com>
- Date: Wed, 27 Apr 2022 06:42:17 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 27 April 2022 13:42:29 UTC
@noamr commented on this pull request. > + <p>If <var>request</var>'s <a for=request>mode</a> is "<code>navigate</code>", and + <var>request</var>'s <a for=request>current URL</a>'s <a for=url>origin</a> is not + <a>same origin</a> with <var>request</var>'s <a for=request>origin</a>, then + return failure. It wouldn't succeed if `A2` redirects to `B` which redirects to `A3`, as the TAO check is done in the `B` redirect response and would set the TAO failed flag. And it uses the [serialized request origin](https://fetch.spec.whatwg.org/#serializing-a-request-origin) which takes redirect-tainting into account. All of these concerns are baked into the TAO check already, all my patch does is ignore the `basic` [response tainting](https://fetch.spec.whatwg.org/#concept-request-response-tainting) when in a nested navigation. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1422#discussion_r859816746 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/pull/1422/review/954928195@github.com>
Received on Wednesday, 27 April 2022 13:42:29 UTC