W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2016

Re: Request for input on Foreign Fetch

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 28 Jan 2016 14:57:20 -0800
Message-ID: <CADnb78gKp6F1c30VJemy5bvyNMZ_3LkwX2VzgpA-guY4AsSArQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mike West <mkwst@google.com>, WebAppSec WG <public-webappsec@w3.org>, Marijn Kruisselbrink <mek@google.com>
On Thu, Jan 28, 2016 at 2:44 PM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> I suppose that responses retrieved via foreign fetch (as below) would
> be marked cross-origin and would be opaque by default:
> event.respondWith(fetch(...))

Yes, every kind of response that you did not put through the
Response.makeVisible() dance, whether same-origin, CORS, synthetic, or
already opaque, would become opaque in the eyes of the caller (and
potentially a network error therefore, depending on the caller's
request settings).

Received on Thursday, 28 January 2016 22:57:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC