We want to specify a fallback URL origin manually.
Background
Currently, this module uses the Host header field's value to construct the fallback URL.
In this case, the fallback URL's origin is origin.example.com.
We have to specify the validity URL's origin to example.com. (cannot access origin from the internet)
But "validity-url" parameter is must be same-origin with requestUrl (fallback URL).
If the signature's "validity-url" parameter (Section 3.1) is not same-origin with requestUrl, return "invalid".
We want to specify a fallback URL origin manually.
Background
Currently, this module uses the
Host
header field's value to construct the fallback URL. In this case, the fallback URL's origin isorigin.example.com
. We have to specify the validity URL's origin toexample.com
. (cannot access origin from the internet)But "validity-url" parameter is must be same-origin with requestUrl (fallback URL).
https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#cross-origin-trust
We want to add
sxg_fallback_host
option.