-
Notifications
You must be signed in to change notification settings - Fork 340
Issues: whatwg/fetch
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Milestones
Assignee
Sort
Issues list
Allow Origin and Access-Control-Allow-Origin to have multiple values
addition/proposal
New features or enhancements
needs implementer interest
Moving the issue forward requires implementers to express interest
topic: cors
#1790
opened Dec 5, 2024 by
arulthileeban
Add New features or enhancements
topic: cors
Last-Event-ID to CORS-safelisted request headers
addition/proposal
#1788
opened Nov 19, 2024 by
rexxars
Loading…
3 of 5 tasks
If a resource allows credentials but omits Vary, shouldn't responses to non-CORS requests also contain Access-Control-Allow-Credentials?
clarification
Standard could be clearer
topic: cors
#1601
opened Feb 2, 2023 by
jub0bs
Proposal: CORS means TAO by default
addition/proposal
New features or enhancements
topic: cors
#1414
opened Mar 17, 2022 by
noamr
CORS-safelisting particular client hints
topic: client hints
topic: cors
#1383
opened Jan 19, 2022 by
eeeps
should VARY be a cors-safelisted header?
security/privacy
There are security or privacy implications
security-tracker
Group bringing to attention of security, or tracked by the security Group but not needing response.
topic: cors
#1365
opened Dec 2, 2021 by
wanderview
Access-Control-Max-Age not effective in preflight request caching when Authorization header is programatically defined
needs tests
Moving the issue forward requires someone to write tests
topic: cors
#1278
opened Aug 4, 2021 by
mfbx9da4
Should credentialed, same-site, cross-origin requests be easier to enable?
addition/proposal
New features or enhancements
needs implementer interest
Moving the issue forward requires implementers to express interest
topic: cors
#1226
opened Apr 29, 2021 by
colinclerk
Remove Cache-Control and Expires headers from the CORS-safelisted response headers to prevent user tracking
security/privacy
There are security or privacy implications
security-tracker
Group bringing to attention of security, or tracked by the security Group but not needing response.
topic: cors
#1128
opened Dec 16, 2020 by
plaperdr
Using "no-cors" to distinguish between a network error and a request blocked by CORS
security/privacy
There are security or privacy implications
topic: cors
topic: orb
#1123
opened Dec 8, 2020 by
alexkar598
CORS-safelisted request-headers and Client Hints
topic: cors
topic: http
#1006
opened Mar 12, 2020 by
mnot
CORS safelisting trace context header
needs implementer interest
Moving the issue forward requires implementers to express interest
topic: cors
#911
opened Jun 20, 2019 by
hmdhk
"no-CORS-safelisted request-header" definition can be simplified
topic: cors
#898
opened Apr 20, 2019 by
Sebmaster
Cache-Friendly Access-Control-Allow-Origin
addition/proposal
New features or enhancements
needs implementer interest
Moving the issue forward requires implementers to express interest
topic: cors
#890
opened Apr 3, 2019 by
nigoroll
Clarification on CORS preflight fetches for TLS client certificates
clarification
Standard could be clearer
topic: cors
#869
opened Feb 6, 2019 by
sleevi
CORS Content-Type "bypass" 2
security/privacy
There are security or privacy implications
topic: cors
#838
opened Nov 22, 2018 by
annevk
Safelist Last-Event-ID
security/privacy
There are security or privacy implications
topic: cors
#568
opened Jul 20, 2017 by
annevk
Vary HTTP cache on credentials mode
security/privacy
There are security or privacy implications
topic: cors
topic: http
#307
opened May 20, 2016 by
annevk
ProTip!
Add no:assignee to see everything that’s not assigned.