- From: Elar Lang <notifications@github.com>
- Date: Fri, 16 May 2025 02:13:20 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 16 May 2025 09:13:24 UTC
elarlang left a comment (whatwg/fetch#1824) Thank you for the responses and information about the caveats for using the term "CORS-safelisted". > Incidentally, I have similar grievances about the term "site" First, a bit off-topic, but +100 for this and the context where I try to clarify the term "CORS-safelisted" is a security requirement to mitigate against so-called cross-**site** request forgery attack (fyi, which I prefer to name browser-side request forgery). The proposed "non-preflighted request" is well understandable and precise, if the context for the term is already CORS. If the context is not CORS by default, like it is in my case or as it is in the referenced MDN article, only using "non-preflighted request" may raise questions. Maybe "non-CROS-preflighted request" does the job for this? -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1824#issuecomment-2886128330 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/1824/2886128330@github.com>
Received on Friday, 16 May 2025 09:13:24 UTC