Re: [whatwg/fetch] Add TAO destination check for navigation redirect chains (PR #1931)

yoavweiss left a comment (whatwg/fetch#1931)

> Wouldn't it be simpler to keep a list of TAO value sets and iterate over them when computing the "navigation TAO check"?

@annevk made a similar comment earlier on.

What we can do is something like:
* We need the end response of the chain to have a list of lists of all the TAO values each response seen. We can get that by adding the a list of lists of past values to the redirect request and then move it to the response. 
* Navigation TAO check would verify that the TAO values of each response contain "*" or destination origin, otherwise it'd fail.

I don't know that it's simpler (and it seems like we'd be copying more values around between redirect responses), but happy to move to that model if that's simpler/easier

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1931#issuecomment-4669550305
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1931/c4669550305@github.com>

Received on Wednesday, 10 June 2026 11:16:39 UTC