Re: [whatwg/fetch] Clarification on CORS preflight fetches for TLS client certificates (#869) from Nikolas Grottendieck on 2026-06-12 (public-webapps-github@w3.org from June 2026)

From: Nikolas Grottendieck <notifications@github.com>
Date: Fri, 12 Jun 2026 08:07:03 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/869/4692501457@github.com>

Okeanos left a comment (whatwg/fetch#869)

I was involved in a larger internal enterprise project where mTLS was considered and ultimately scrapped because of this issue – much to the chagrin of everyone involved. The goal was to continuously use mTLS to protect to applications served nominally via the open internet.

Because of the behavior described above and critiqued in detail by @alexiade we couldn't use it.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/869#issuecomment-4692501457
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/869/4692501457@github.com>

Received on Friday, 12 June 2026 15:07:07 UTC