W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2015

Re: [CSP] Difference in browser behaviour for 304 responses

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sun, 11 Oct 2015 09:42:54 +0200
Message-ID: <CADnb78hQ7iLAfDjsj_j09UG_aUHmLeWhoRGCprKoHMFnAKArRw@mail.gmail.com>
To: André N. Klingsheim <andre.klingsheim@owasp.org>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Sat, Oct 10, 2015 at 4:42 PM, André N. Klingsheim
<andre.klingsheim@owasp.org> wrote:
> This particular scenario is not mentioned in the spec, it would perhaps be
> worth specifying in the next version?

See https://github.com/whatwg/fetch/issues/97.


> Thoughts? Should I submit an issue and/or bug somewhere?

I would recommend filing a bug against Chromium. We want the
update-headers behavior for CORS too. Would make sense to keep that
consistent.


-- 
https://annevankesteren.nl/
Received on Sunday, 11 October 2015 07:43:19 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC