W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2020

Re: Next steps for Fetch Metadata

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 9 Jan 2020 11:51:55 +0100
Message-ID: <CADnb78hBv9N8EKdzsZZU4qN7Jk1gOCB=cwSzC81qPSPyttPnVA@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: Mike West <mkwst@google.com>, Web Application Security Working Group <public-webappsec@w3.org>, Jeffrey Yasskin <jyasskin@google.com>, Artur Janc <aaj@google.com>, Francois Marier <francois@brave.com>
On Wed, Jan 8, 2020 at 7:48 PM Daniel Veditz <dveditz@mozilla.com> wrote:
> There was overwhelming support for us to publish something so it's described (at least as a concept) in one place. I couldn't tell how strongly people felt about whether it needed to be normative or whether a non-normative NOTE would be OK. (Personally I'd be happy either way.)

I'm okay with Fetch calling "set the Fetch metadata headers for a
request" and adding the new request boolean.

(A concern I have with the growing number of WebAppSec specifications
is maintenance. Keeping things external is nice as it simplifies
maintenance of the main module, but some upkeep has to be done. And
currently even "internal" dependencies such as SRI depending on CSP
bits get out of sync. In part this can be helped by better tooling,
but periodic review and editing would also help.)
Received on Thursday, 9 January 2020 10:52:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:55:10 UTC