- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 9 Jan 2020 14:01:56 +0100
- To: Mike West <mkwst@google.com>
- Cc: Daniel Veditz <dveditz@mozilla.com>, Web Application Security Working Group <public-webappsec@w3.org>, Jeffrey Yasskin <jyasskin@google.com>, Artur Janc <aaj@google.com>, Francois Marier <francois@brave.com>
On Thu, Jan 9, 2020 at 1:33 PM Mike West <mkwst@google.com> wrote: > More generally, I wonder if you have opinions about the boundary points where this kind of split makes sense. If it makes sense for Fetch Metadata, would it have made sense for Cross-Origin-Resource-Policy? This isn't the last time we're going to run into the question, and I wonder if there's some sort of hybrid model we could come up with that might make sense for these integrated-but-distinct concepts orbiting HTML and Fetch. I think that's reasonable. What I'd like to see us do is to iterate and settle on the points where it makes sense to set request headers and the points where it makes sense to process response headers and ensure there's common understanding and infrastructure in place to help with those things. In the abstract there's a couple of clear places, but Fetch does not do a good job of calling these out and defining their extension properties. (For those unaware, service workers and the distinction between documents/workers/worklets and subresources is why this matters, mostly.)
Received on Thursday, 9 January 2020 13:02:20 UTC