- From: Patrick Meenan <notifications@github.com>
- Date: Wed, 14 May 2025 06:28:02 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 14 May 2025 13:28:06 UTC
pmeenan left a comment (whatwg/fetch#341) This seems to come up on a pretty regular cadence with developers getting re-exposed to the rough edges that this brings to CORS (for the common cases). The most recent was from compression dictionaries where the link-based fetch uses CORS anonymous (uncredentialed). Not a huge deal since it's an idle-time fetch but was surprising to a few devs that were trying to figure out why it was using a different connection. Do we have a reasonably fresh summary of where things stand in today's world (with partitioned pools, IP-anonymization proxies, and client auth)? It feels like there are some extremely-rare edge cases that have held back the common case and I'm wondering how many of them we still think are a concern. For things like kerberos, NTLM or client TLS certs, are those not re-applied to the separate connection as well (so it's a separate instance but with the same connection-level identity carried)? -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/341#issuecomment-2880248729 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/341/2880248729@github.com>
Received on Wednesday, 14 May 2025 13:28:06 UTC