Re: [whatwg/fetch] Clarification on CORS preflight fetches for TLS client certificates (#869) from Alexia Death on 2026-06-13 (public-webapps-github@w3.org from June 2026)

From: Alexia Death <notifications@github.com>
Date: Fri, 12 Jun 2026 23:12:48 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/869/4697707373@github.com>

alexiade left a comment (whatwg/fetch#869)

>  as a business owner have an interest in saying that my employees can't have "true privacy" in network connections

You have a right to block them, but not read them. If there is an intercepting proxy mTLS connections simply do not happen unless you configure THOSE SITES passthroughs. That's what corps usually do for banking sites and pkcs11 protected sites they either need or trust. For deckades. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/869#issuecomment-4697707373
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/869/4697707373@github.com>

Received on Saturday, 13 June 2026 06:12:52 UTC