- From: jub0bs <notifications@github.com>
- Date: Tue, 31 Dec 2024 01:39:49 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/1601/2566289002@github.com>
@annevk I'd like to revive this issue and, if we can come to an understanding, submit a PR for it. By https://github.com/whatwg/fetch/issues/1601#issuecomment-1418899997, I'm guessing you meant replacing > However, if `Access-Control-Allow-Origin` is set to * or a static origin for a particular resource, then configure the server to always send `Access-Control-Allow-Origin` in responses for the resource — for non-CORS requests as well as CORS requests — and do not use `Vary`. by something like > However, if CORS-response headers (`Access-Control-Allow-Origin` and/or `Access-Control-Allow-Credentials` and/or `Access-Control-Expose-Headers`) are set to static values for a particular resource, then configure the server to > > - always send those headers in responses to CORS requests for the resource but omit them in responses to non-CORS requests for the resource, > - always list `Sec-Fetch-Mode` in `Vary` in responses for the resource, both for non-CORS requests as well as CORS requests, and > - do not list `Origin` in `Vary`. Or did you have something else in mind? -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1601#issuecomment-2566289002 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/1601/2566289002@github.com>
Received on Tuesday, 31 December 2024 09:39:53 UTC