w3c / webappsec-suborigins

Suborigins
https://w3c.github.io/webappsec-suborigins/

think through fetch modifications #25

Open devd opened 8 years ago

devd commented 8 years ago

[draft right now, please ignore if you are not joel ;)]

Right now, Section 4 focuses on particular examples like XHR, CORS, etc. for fetches. Instead, we should treat all fetches as crossorigin (e.g., an image tag).

joelweinberger commented 8 years ago

One idea for specifying user agent support is that all requests include a Suborigin header, even if the context is the null Suborigin (in which case, the Suborigin header is just the empty string).

devd commented 8 years ago

Let's separate that out to https://github.com/w3c/webappsec-suborigins/issues/29 and focus here just on the simple modifications to make all requests in a suborigin context be treated as crossorigin.