Re: [whatwg/fetch] Prevent cross-origin sensitive header probing (PR #1434) from Ari Chivukula on 2022-10-05 (public-webapps-github@w3.org from October 2022)

From: Ari Chivukula <notifications@github.com>
Date: Wed, 05 Oct 2022 07:47:27 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1434/c1268542305@github.com>

> It seems this is only meant to impact CORS, but wouldn't some of these client hints be added to navigations and such? Some of these headers are added quite late in the game too (e.g., `Cookie` and `Authorization`) and I'm not sure how that would work given the envisioned setup.

Ah, does this require integration in the HTTP spec as well?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1434#issuecomment-1268542305
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1434/c1268542305@github.com>

Received on Wednesday, 5 October 2022 14:47:40 UTC