- From: Anne van Kesteren <notifications@github.com>
- Date: Fri, 11 Nov 2022 06:20:24 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 11 November 2022 14:20:36 UTC
Reading your draft I think you and I might have understood [the outcome of the meeting](https://github.com/fedidcg/FedCM/issues/320#issuecomment-1302570007) differently. Here's what I think: * Requests should not be more powerful than "cors" without preflight or "no-cors". You cannot use a `DELETE` method with this, for instance, or include custom headers. * The main benefit of this is not bypassing the CORS check, but bypassing "no-cors"-related checks, such as the upcoming opaque-response blocking and the existing `Cross-Origin-Resource-Policy` header. (As those are why "no-cors" is not an option and how we plan to make "no-cors" largely safe.) * It's also not clear to me that policy container is a drop-in replacement for an environment, although it might fit for a number of cases. That needs a bit more checking I think. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1533#issuecomment-1311753544 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/pull/1533/c1311753544@github.com>
Received on Friday, 11 November 2022 14:20:36 UTC