Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CORS-preflight fetch #741

Closed
annevk opened this issue May 28, 2018 · 0 comments
Closed

CORS-preflight fetch #741

annevk opened this issue May 28, 2018 · 0 comments
Labels
security/privacy There are security or privacy implications

Comments

@annevk
Copy link
Member

annevk commented May 28, 2018

Thanks to @youennf in #733 I noticed that CORS-preflight fetches currently don't set the CORS flag when invoking HTTP-network-or-cache fetch. While this does not impact them setting the Origin header (due to using the OPTIONS method), it does impact it processing a 401, which it should not be doing.

@annevk annevk added the security/privacy There are security or privacy implications label May 28, 2018
annevk added a commit that referenced this issue May 28, 2018
Otherwise a 401 response would not necessarily result in rejection.

Fixes #741.
annevk added a commit that referenced this issue May 29, 2018
Otherwise a 401 response would not necessarily result in rejection.

Fixes #741.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security/privacy There are security or privacy implications
Development

No branches or pull requests

1 participant