W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2020

Re: Next steps for Fetch Metadata

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 9 Jan 2020 14:01:56 +0100
Message-ID: <CADnb78jGcpWkxaiOBsdvngF0UqMsZ1s0fHT1E86ZPzAU9tZvkQ@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Daniel Veditz <dveditz@mozilla.com>, Web Application Security Working Group <public-webappsec@w3.org>, Jeffrey Yasskin <jyasskin@google.com>, Artur Janc <aaj@google.com>, Francois Marier <francois@brave.com>
On Thu, Jan 9, 2020 at 1:33 PM Mike West <mkwst@google.com> wrote:
> More generally, I wonder if you have opinions about the boundary points where this kind of split makes sense. If it makes sense for Fetch Metadata, would it have made sense for Cross-Origin-Resource-Policy? This isn't the last time we're going to run into the question, and I wonder if there's some sort of hybrid model we could come up with that might make sense for these integrated-but-distinct concepts orbiting HTML and Fetch.

I think that's reasonable.

What I'd like to see us do is to iterate and settle on the points
where it makes sense to set request headers and the points where it
makes sense to process response headers and ensure there's common
understanding and infrastructure in place to help with those things.
In the abstract there's a couple of clear places, but Fetch does not
do a good job of calling these out and defining their extension
properties. (For those unaware, service workers and the distinction
between documents/workers/worklets and subresources is why this
matters, mostly.)
Received on Thursday, 9 January 2020 13:02:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:55:10 UTC