Re: [whatwg/fetch] Do not CORS-safelist a Range header without a start (PR #1501) from Dan Robertson on 2022-10-12 (public-webapps-github@w3.org from October 2022)

From: Dan Robertson <notifications@github.com>
Date: Wed, 12 Oct 2022 08:06:03 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1501/review/1139271294@github.com>

@dlrobertson commented on this pull request.

Good catch! It appears there is a test [here](https://github.com/web-platform-tests/wpt/blob/master/cors/cors-safelisted-request-header.any.js#L52) (if I'm reading the test right).

Random note: The spec steps I believe do not allow for whitespace (covered by [these tests](https://github.com/web-platform-tests/wpt/blob/master/cors/cors-safelisted-request-header.any.js#L57-L58), but the new blob range request tests (https://github.com/web-platform-tests/wpt/pull/34384) do have some tests that expect whitespace to be acceptable.



-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1501#pullrequestreview-1139271294
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1501/review/1139271294@github.com>

Received on Wednesday, 12 October 2022 15:06:16 UTC