WICG / shared-storage

Explainer for proposed web platform Shared Storage API

Update explainer: Add 'Sec-' prefix to request header #120

Closed by pythagoraskitty 8 months ago

pythagoraskitty commented 8 months ago

The request header added to requests that are eligible to write to shared storage via response header ought to be a "forbidden header" according to the Fetch specification, i.e. a header that JS cannot add or modify.

We were using Shared-Storage-Writable as the name of the request header, which was not a forbidden header and could be modified by JS.

This commit updates the explainer to add the prefix Sec- in order to make this header forbidden. The new request header attached to eligible outgoing requests will be Sec-Shared-Storage-Writable: ?1.

We will update the specification draft accordingly in #121.
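The effect of the rename described in the comment above, as an added example that is not part of the pull request or the explainer: a check for forbidden request-header names following the Fetch specification's name list and its `proxy-`/`sec-` prefix rule, a model of how script-supplied headers are filtered, and a strict server-side check for `?1`. The helper names and the sample headers are constructed for illustration, and the Fetch rule that depends on header values (method-override headers) is left out.

```javascript
// Forbidden request-header names from the Fetch specification (lowercased).
const FORBIDDEN_NAMES = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "set-cookie", "te", "trailer", "transfer-encoding", "upgrade",
  "via",
]);

// True when script may not set or modify a request header with this name.
// The comparison is case-insensitive, as header names are.
function isForbiddenRequestHeaderName(name) {
  const lower = name.toLowerCase();
  return FORBIDDEN_NAMES.has(lower) ||
    lower.startsWith("proxy-") || lower.startsWith("sec-");
}

// Hypothetical helper: models the filtering applied to headers that script
// passes to fetch() or XMLHttpRequest. Forbidden names are silently dropped.
function filterScriptHeaders(headers) {
  return Object.fromEntries(
    Object.entries(headers).filter(([n]) => !isForbiddenRequestHeaderName(n)));
}

// Hypothetical server-side helper: treat the request as eligible to write
// only when the header carries the structured-field boolean true, "?1".
// Assumption: any other value, including "?1" with parameters, is rejected.
function requestIsWritable(headers) {
  const entry = Object.entries(headers)
    .find(([n]) => n.toLowerCase() === "sec-shared-storage-writable");
  return entry !== undefined && entry[1].trim() === "?1";
}

// Constructed sample: headers a page script tries to attach to a request.
const scriptHeaders = {
  "Shared-Storage-Writable": "?1",      // old name: script can set it
  "Sec-Shared-Storage-Writable": "?1",  // new name: dropped before sending
  "X-Custom": "a",
};
const sent = filterScriptHeaders(scriptHeaders);
console.log(Object.keys(sent));        // names that survive filtering
console.log(requestIsWritable(sent));  // what the server concludes
```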

pythagoraskitty commented 8 months ago

@xyaoinum PTAL, thanks!