Re: [whatwg/fetch] New Proposal: Fetch retry (Issue #1838) from Rakina Zata Amni on 2025-07-10 (public-webapps-github@w3.org from July 2025)

From: Rakina Zata Amni <notifications@github.com>
Date: Thu, 10 Jul 2025 08:08:23 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1838/3057858048@github.com>

rakina left a comment (whatwg/fetch#1838)

Thanks.

> Sending new headers across origins is concerning. I also have a concern
about those headers revealing something about the end user's network
environment.

By "new-headers", do you mean the "Retry-Attempts" count and the
"Retry-GUID" headers? Can you elaborate more on what is the concerning
part? Do headers on fetch requests typically get stripped on cross-origin
redirects? (Trying to understand what is the difference than e.g. the site
manually setting this headers)

> Speaking of origins, it seems concerning to allow this for "no-cors"
requests.

Can you elaborate here as well? Is it not possible to know that there's a
network error in this mode? Or is this because of the headers?

> "Idempotent" needs some kind of definition that accounts for unknown HTTP
methods.

Yeah probably it's safer to not retry on unknown methods except
"retryNonIdempotent" is true as well?

On Thu, Jul 10, 2025 at 11:43 PM Anne van Kesteren ***@***.***>
wrote:

> *annevk* left a comment (whatwg/fetch#1838)
> <https://github.com/whatwg/fetch/issues/1838#issuecomment-3057763297>
>
> Sending new headers across origins is concerning. I also have a concern
> about those headers revealing something about the end user's network
> environment.
>
> Speaking of origins, it seems concerning to allow this for "no-cors"
> requests.
>
> "Idempotent" needs some kind of definition that accounts for unknown HTTP
> methods.
>
> I'll try to find out if others have more feedback.
>
> —
> Reply to this email directly, view it on GitHub
> <https://github.com/whatwg/fetch/issues/1838#issuecomment-3057763297>, or
> unsubscribe
> <https://github.com/notifications/unsubscribe-auth/ABPN2ERSN5N2I24JVEU5CRT3HZ32XAVCNFSM6AAAAACAI7HJ62VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTANJXG43DGMRZG4>
> .
> You are receiving this because you authored the thread.Message ID:
> <whatwg/fetch/issues/1838/3057763297 ***@***.***>
>


-- 
Regards,

Rakina


-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1838#issuecomment-3057858048
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/1838/3057858048@github.com>

Received on Thursday, 10 July 2025 15:08:27 UTC