- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 13 Oct 2014 15:53:20 +0200
- To: WHATWG <whatwg@whatwg.org>
Per XMLHttpRequest User-Agent has been off limits for script. Should we keep it that way for fetch()? Would it be harmful to allow it to be omitted? https://github.com/slightlyoff/ServiceWorker/issues/399 A possible attack I can think of would be an firewall situation that uses the User-Agent header as authentication check for certain resources. -- https://annevankesteren.nl/
Received on Monday, 13 October 2014 13:53:45 UTC