Re: [whatwg/fetch] Recommend that servers follow the steps of CORS preflight for easier troubleshooting (Issue #1588) from Anne van Kesteren on 2023-09-20 (public-webapps-github@w3.org from September 2023)

From: Anne van Kesteren <notifications@github.com>
Date: Wed, 20 Sep 2023 07:23:33 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1588/1727837070@github.com>

They are separate things, no?

1 is about how much information you expose directly, not even considering timing attacks. Perhaps dynamic analysis gives away some of that too, but maybe you'd get blocked for doing that. It depends.

2 is about how quickly you respond to any particular request. Perhaps the server can always respond in a certain amount of time, whether it accepts or not, avoiding leaking information this way.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1588#issuecomment-1727837070
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/1588/1727837070@github.com>

Received on Wednesday, 20 September 2023 14:23:38 UTC