Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Range to no-cors safelisted headers #1767

Open
joeyparrish opened this issue Aug 16, 2024 · 2 comments
Open

Add Range to no-cors safelisted headers #1767

joeyparrish opened this issue Aug 16, 2024 · 2 comments

Comments

@joeyparrish
Copy link

What is the issue with the Fetch Standard?

Range requests are critical in media streaming applications, and I believe they should be safe for no-cors mode. I would like them to be added to the list of no-cors safelisted headers: https://fetch.spec.whatwg.org/#no-cors-safelisted-request-header-name

See conversation in #1310.

@joeyparrish
Copy link
Author

Also, much gratitude to @annevk for patiently explaining things to us and for filing mdn/content#35488

@annevk
Copy link
Member

annevk commented Aug 17, 2024

Every time we have expanded what no-cors can do we have regretted it. There's also a general policy that new features need to use CORS. This idea has the backing of Chrome's security team? I'm very much opposed to this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

2 participants