Re: [whatwg/fetch] Allow HTTP scheme fetches to make CORS preflight for navigations (PR #1785) from Anne van Kesteren on 2024-12-06 (public-webapps-github@w3.org from December 2024)

From: Anne van Kesteren <notifications@github.com>
Date: Fri, 06 Dec 2024 07:09:23 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1785/review/2485084809@github.com>

@annevk commented on this pull request.

I think these need to be separate steps as this is confusing. It also misses a bunch of markup for the various concepts.

Then, I wonder if we need to identify these preflights are for navigations in some respect to the server as they might well want to enforce different policies between subresources and navigations. Perhaps Sec-Fetch-Dest suffices for that. Ideally we find something here that is unified with Private/Local Network Access.

I would also like to research why we identify whether a request needs a preflight in two separate locations currently. I can't remember and having now read it a few times I don't understand. Any chance you want to dig into blame? If not I'll get to it in due course.

The name _makeCORSPreflight_ also seems rather confusing as it doesn't actually mean a CORS preflight will be made.



-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1785#pullrequestreview-2485084809
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1785/review/2485084809@github.com>

Received on Friday, 6 December 2024 15:09:27 UTC