- From: Shikho18 <notifications@github.com>
- Date: Tue, 28 Jan 2025 03:38:33 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/1806/review/2577956029@github.com>
@Shikho18 commented on this pull request.

> @@ -9062,6 +9062,107 @@ done only by navigations). The <a>fetch controller</a> is also used to <a for=request>redirect mode</a> set to "<code>manual</code>". Shikho18 > +IP address. + +<p>To keep this information from leaking, SOP restricts requests that come from the visited +<a for=/>origin</a> to only target that same-origin, while allowing a few mechanisms for an origin +to access cross-origin data safely. + +<h4 id=fetch-elsewhere-cors>Cross-origin resource sharing (CORS)</h4> + +<p>The main way to access cross-origin data is via the <a>cors protocol</a>, described in detail in +this standard. CORS (Cross Origin Resource Sharing) is built on the principle that origins that want +to access data from other origins need to identify themselves, and get explicit approval from the +server to access that data, thus not relying on any implict trust given to the user agent or to the +machine the user agent is installed on. + +<p>This is done by sending the `<a http-header><code>Origin</code></a>` header with CORS-enabled +requests, and expecting a matching `<a http-header><code>Access-Control-Allow-Origin</code></a>`

Shikho8

--
Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1806#pullrequestreview-2577956029
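Review bot: The added sentence "SOP restricts requests that come from the visited origin to only target that same-origin" reads as if cross-origin requests cannot be made at all, while the CORS paragraph that follows frames the restriction as one on access to cross-origin data. Suggest wording the SOP sentence in the same terms, for example that SOP keeps an origin from reading data from other origins unless one of the mechanisms below allows it, and writing "that same origin" since "same-origin" is used here as a noun. Two smaller points in the CORS paragraph: "implict" should be "implicit", and the inline expansion "CORS (Cross Origin Resource Sharing)" repeats the heading directly above it with different hyphenation and capitalization, so either drop it or match "Cross-origin resource sharing".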
Received on Tuesday, 28 January 2025 11:38:37 UTC