Re: Request for input on Foreign Fetch

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 28 Jan 2016 07:18:50 -0800
Message-ID: <CADnb78gK9SDyN2a7gz9-OQg0DZ=hKj2jaVoM+tQ-u9aKQM40PQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mike West <mkwst@google.com>, WebAppSec WG <public-webappsec@w3.org>, Marijn Kruisselbrink <mek@google.com>
On Wed, Jan 27, 2016 at 8:15 PM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> Can then we reduce this problem to one of developer education?

That was our outcome. Part of that was requiring this explicit
"visible" wrapper on the response to make it perfectly clear you are
now sharing what is in it. Exact shape TBD, but something like

  event.respondWith(Response.makeVisible(fetch(...),
    { origin: ..., headers: [ ... ] }))


-- 
https://annevankesteren.nl/
Received on Thursday, 28 January 2016 15:19:19 UTC