- From: nirmalk401 <notifications@github.com>
- Date: Sun, 08 Mar 2026 06:04:40 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/1910/4019015551@github.com>
nirmalk401 left a comment (whatwg/fetch#1910) Following additional input from implementers ā particularly the discussion in the Google Buganizer system under **Public Trackers > 1362134 > Chromium > Blink > SecurityFeature > 486945325** ā and based on the overall analysis outlined in the previous comment, it appears that a CSP-based solution is the more practical and effective path forward. As noted in that discussion, a Fetch-level option would require individual requests to be explicitly annotated, which is difficult to enforce comprehensively (especially for third-party scripts and implicitly triggered subresource loads). A CSP directive, by contrast, provides centralized policy control, better inheritance semantics (including non-HTTP contexts), and leverages existing CSP enforcement and reporting mechanisms. Given this feedback, and to avoid splitting standardization efforts across parallel approaches, Iām closing this Fetch proposal in favor of continuing the work within the CSP discussion, where the deployment model appears stronger. Thanks again to everyone who engaged on this. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1910#issuecomment-4019015551 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/1910/4019015551@github.com>
Received on Sunday, 8 March 2026 13:04:44 UTC