Re: [whatwg/fetch] Add usage advice for Sec- (PR #1818)

martinthomson left a comment (whatwg/fetch#1818)

I thought that that would attract comment :)

> To double-check, this is not an example of the advice directly above it about CORS preflights, right? It's just coincidentally right after that [...]

Yeah, I struggled with the transition there.  It's coincidental positioning only.

I have heard a number of people who say that they received advice about the prefix of the form that you describe.  And there's a definite pattern of cargo-culting or at least naming consistency being used to justify more of it.  That does real harm with things like `Sec-UA-etc...` where apps can't choose to hook into the capabilities that the header enables.

Your example of speculation is one where the harm isn't obvious.  Why would an app want to trigger a fetch marked as prefetch?  If you can't imagine a reason, there's a tendency to slap a `Sec-` on and move on.  But that is just a failure of imagination.  We just can't imagine a case where someone might choose to fetch that way.  I can easily imagine a site wanting to prefetch something on the basis of JS code deciding that a particular navigation is imminent.  Why not also for speculative fetches as well?  I can well imagine that the number of cases where the user agent is in a better position to drive that, but why deny apps that option?

(Of course, the need for a preflight could make the prefetch too slow to be useful, but that's a separate problem.)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1818#issuecomment-2765329035
Message ID: <whatwg/fetch/pull/1818/c2765329035@github.com>

Received on Monday, 31 March 2025 07:14:25 UTC