W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2016

Re: Request for input on Foreign Fetch

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 29 Jan 2016 09:44:24 +1100
Message-ID: <CABkgnnXgfomXuAfdnX7CJPBVeXW+vC_sNtuY8x4CFEbGuT7-Ow@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Mike West <mkwst@google.com>, WebAppSec WG <public-webappsec@w3.org>, Marijn Kruisselbrink <mek@google.com>
On 29 January 2016 at 02:18, Anne van Kesteren <annevk@annevk.nl> wrote:
>   event.respondWith(Response.makeVisible(fetch(...), { origin: ...,
> headers: [ ... ] }))


I suppose that responses retrieved via foreign fetch (as below) would
be marked cross-origin and would be opaque by default:

event.respondWith(fetch(...))
Received on Thursday, 28 January 2016 22:44:52 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:17 UTC