Open devd opened 8 years ago
One idea for specifying user agent support is that all requests include a Suborigin header, even if the context is the null Suborigin (in which case, the Suborigin header is just the empty string).
lets separate that out to https://github.com/w3c/webappsec-suborigins/issues/29 and focus here just on the simple modifications to make all requests in a suborigin context to be treated as crossorigin.
[draft right now, please ignore if you are not joel ;)]
Right now, Section 4 focuses on particular examples like XHR, CORS etc for fetches. Instead, we should treat all fetches as crossorigin (e.g., an image tag).