- From: bvandersloot-mozilla <notifications@github.com>
- Date: Fri, 11 Nov 2022 10:35:48 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/1533/c1312057902@github.com>
> Reading your draft I think you and I might have understood https://github.com/fedidcg/FedCM/issues/320#issuecomment-1302570007 differently. I think we understood the same thing at the end of the meeting, by my understanding diverged with the days between the meeting and when I sat down to draft and my own poor note-taking. I will take another pass to more closely reflect the version you describe in your first two bullets. > It's also not clear to me that policy container is a drop-in replacement for an environment. I don't think that's quite what I'm doing. I made two distinct changes wrt policy containers: - Make the `cross-origin resource policy check` use the request's policy container, rather than ignoring it and assuming a value of "client" and non-null client. This looked like a bug that needed fixing. - Assert that unsafe-no-cors requests do not fallback to a default policy container because none was provided. This is removing a foot-gun of using this version of unsafe-no-cors. I was thinking that the caller using unsafe-no-cors would construct or have available a global or environment that is the "main process" context and be able to use that. That felt out of the scope of this spec, aside from the warning I added, since the request's client is an argument. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1533#issuecomment-1312057902 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/pull/1533/c1312057902@github.com>
Received on Friday, 11 November 2022 18:36:01 UTC