- From: Anne van Kesteren <notifications@github.com>
- Date: Mon, 24 Oct 2022 05:59:06 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/1513/review/1153096755@github.com>
@annevk commented on this pull request. > + +<p>Unless stated otherwise a <a for=/>filtered response</a>'s associated concepts (such as its +<a for=response>body</a>) refer to the associated concepts of its +<a for="filtered response">internal response</a>. (The exceptions to this are listed below as part +of defining the concrete types of <a for=/>filtered responses</a>.) + +<div class=note> + <p>The <a for=/>fetch</a> algorithm returns such a view to ensure APIs do not accidentally leak + information. If the information needs to be exposed for legacy reasons, e.g., to feed image data to + a decoder, the associated <a for="filtered response">internal response</a> can be used, which is + only "accessible" to internal specification algorithms. + + <p>New specifications ought not to build further on <a>opaque filtered responses</a> or + <a>opaque-redirect filtered responses</a>. Those are legacy constructs and cannot always be + adequately protected given contemporary computer architecture. +</div> <p>A <dfn export id=concept-filtered-response-basic>basic filtered response</dfn> is a "basic" is essentially about hiding cookies. "default" is a response that's not filtered at all. I think you only get that with synthetic responses that haven't gone through fetch. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1513#discussion_r1003283338 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/pull/1513/review/1153096755@github.com>
Received on Monday, 24 October 2022 12:59:19 UTC