- From: Yoav Weiss <notifications@github.com>
- Date: Fri, 21 Oct 2022 02:06:27 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 21 October 2022 09:06:38 UTC
> @yoavweiss I think so, but then we also don't need stripping to just the essence, right? From my perspective, we don't need that (for neither this nor ServerTiming, which is TAO protected). I know that @achristensen07 disagrees with me on the ServerTiming/TAO aspects, but I'm not sure if he does on exposing such info to CORS enabled resources. > Not entirely clear to me how that relates to the "navigate"-related aspects of this PR, either. For the "navigate" parts, they require same-origin, so I don't think @achristensen07's threat model applies there. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1481#issuecomment-1286677045 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/pull/1481/c1286677045@github.com>
Received on Friday, 21 October 2022 09:06:38 UTC