- From: Alexia Death <notifications@github.com>
- Date: Fri, 12 Jun 2026 12:03:30 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/869/4694386864@github.com>
alexiade left a comment (whatwg/fetch#869) Oh, I am very much in a right place. My usecase is mTLS secured WEB APPLICATION with gRPC endpoint deployed into a different VHOST. The clients are BROWSERS. mTLS is used as its name implies TRANSPORT LAYER SECURITY. Transport. The industry standard way its upposed to be used. The problem is that this standard compliant browser is not capable of supporting mTLS with gRPC because of this requirement while the gRPC itself recommends it. Are you trying to argue that bowsers will not in fact support using mTLS as transport layer security, as what it IS? That mTLS as tansport layer security, not as authentication method is not somethin browsers can be expected to do? That protecting against client impersonation attacks is in fact not permitted on the web and mTLS protected gRPC is not supposed to be supported? Again, is gRPC web or not? Is mTLS as a standard, established technology supported by browsers or not? If it is supported and gRPC is web then the demand to do preflight without mTLS needs to be dropped. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/869#issuecomment-4694386864 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/869/4694386864@github.com>
Received on Friday, 12 June 2026 19:03:34 UTC