- From: Javier G. Visiedo <notifications@github.com>
- Date: Wed, 26 Apr 2023 16:49:37 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 26 April 2023 23:49:44 UTC
I'm currently trying to better understand in which way the shipment of this behavior impacts affected sites. In most cases, this policy will block calls to 1P and 3P APIs, and the vast majority doesn't seem to have Ux impacts. These are typically calls to backend services such as personalization, analytics, etc. I've been reaching out to sites where I observed impacts on the functionality of their pages, e.g. login not working, some widgets not showing, etc. and most took action. However this has become a game of wack-a-mole. Configuring a server to return wildcard for ACAH is probably the path of lowest friction today, therefore the usage is slowly growing, and it is slightly higher that what we'd be comfortable with for shipping. I see 2 possible ways forward. 1) ship it in a coordinated way with other browsers, or 2) discuss changing the [directive](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers#directives) if no browser is planning to comply. I'm personally inclined to prioritize (1) if there is an interest -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1278#issuecomment-1524220316 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/1278/1524220316@github.com>
Received on Wednesday, 26 April 2023 23:49:44 UTC