Re: [whatwg/fetch] Add `range` to CORS-safelisted request-headers (#1310) from Joey Parrish on 2024-08-15 (public-webapps-github@w3.org from August 2024)

From: Joey Parrish <notifications@github.com>
Date: Thu, 15 Aug 2024 10:07:58 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1310/2291734217@github.com>

I just tried your snippet, and I think there is indeed something wrong.  The Range header is not sent at all with `mode: 'no-cors'`, but is if I omit that.

However, you should also know that your chosen URL does an HTTP 302 redirect, but browsers don't transfer `Range` headers when following redirects.

That said, I can reproduce your issue with other URLs that don't redirect.  For example:


```js
// Works
fetch('https://ajax.googleapis.com/ajax/libs/shaka-player/4.3.8/shaka-player.compiled.js', {
  headers: {
    Range: 'bytes=0-10240'
  }
})
```

```js
// Ignores Range header
fetch('https://ajax.googleapis.com/ajax/libs/shaka-player/4.3.8/shaka-player.compiled.js', {
  mode: 'no-cors',
  headers: {
    Range: 'bytes=0-10240'
  }
})
```

I'm no expert, but this certainly breaks my expectations.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1310#issuecomment-2291734217
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/1310/2291734217@github.com>

Received on Thursday, 15 August 2024 17:08:02 UTC