Re: [whatwg/fetch] CORS readability for no-cors requests (Issue #1839)

pmeenan left a comment (whatwg/fetch#1839)

Maybe not if we caught it in time with recent additions to the web platform
tests for compression dictionary.

The risk is if there is client that sends "Accept-Encoding: dcb" for
no-cors requests that the response will work for clients that support
readibility override but fail for clients that don't with no way to
distinguish them.

The WPTs were updated to make sure the Accept-Encoding isn't sent for
no-cors requests. Chrome hasn't sent it since the feature launched and is
the only browser that has shipped support so it should be safe to
unilaterally assume that any client that includes the encoding does it
because it also supports readibility override.

As far as I know, compression dictionary encoding is the only feature that
depends on it where the origin needs to know and varies the response as a
result.

On Mon, Jun 30, 2025 at 10:26 PM Domenic Denicola ***@***.***>
wrote:

> *domenic* left a comment (whatwg/fetch#1839)
> <https://github.com/whatwg/fetch/issues/1839#issuecomment-3021507492>
>
> For no-cors requests, add a Sec-Accept-Content-Readability: public
> request header to advertise support to the origin for marking responses as
> readable.
>
> Is this part necessary?
>
> —
> Reply to this email directly, view it on GitHub
> <https://github.com/whatwg/fetch/issues/1839#issuecomment-3021507492>, or
> unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AADMOBOUSR6BV6G4F25XEIT3GHWWBAVCNFSM6AAAAACAOSXDWCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTAMRRGUYDONBZGI>
> .
> You are receiving this because you authored the thread.Message ID:
> ***@***.***>
>


-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1839#issuecomment-3021633491
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/1839/3021633491@github.com>

Received on Tuesday, 1 July 2025 03:39:54 UTC