- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 4 Jun 2014 10:44:33 +0200
- To: Mike West <mkwst@google.com>
- Cc: Brad Hill <hillbrad@gmail.com>, WebAppSec WG <public-webappsec@w3.org>
On Wed, Jun 4, 2014 at 10:00 AM, Mike West <mkwst@google.com> wrote: > On Wed, Jun 4, 2014 at 9:55 AM, Anne van Kesteren <annevk@annevk.nl> wrote: >> I don't see how it's lower than Fetch by the way. You need to process >> all headers before you know if you're going to follow a redirect. So >> it seems like you would know this around step 10 of >> http://fetch.spec.whatwg.org/#concept-fetch > > I think it would need to be before step 7 to catch redirects that set > frame-ancestors, right? How would that work, exactly? I guess the other thing here is that this only applies as part of navigate actions and those never follow redirects automatically (HTML needs to handle them itself for various reasons), so either way I think we'd be good. -- http://annevankesteren.nl/
Received on Wednesday, 4 June 2014 08:45:02 UTC