Re: [whatwg/fetch] Perform a CSP check when consuming preloaded response (PR #1411) from Noam Rosenthal on 2022-03-11 (public-webapps-github@w3.org from March 2022)

From: Noam Rosenthal <notifications@github.com>
Date: Fri, 11 Mar 2022 04:40:12 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1411/c1065077810@github.com>

> * It seems that "Run report Content Security Policy violations for request" wouldn't happen.

Does that need to happen again? The request in question had already been processed.

But I agree that this is indeed concerning.  Not so much for the preload case where we can define that all the checks happen a second time, but I'm more concerned about other memory cache scenarios that are not clearly specified.


-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1411#issuecomment-1065077810
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1411/c1065077810@github.com>

Received on Friday, 11 March 2022 12:40:24 UTC