Native apps can do as they darned well please re: the network...and here we are in 2020, struggling to connect to API endpoints. Very much need to figure out a path for PWAs that users trust to live under less restrictive rules too.
/cc @b1tr0t @inexorabletash @fugueishhttps://twitter.com/jaffathecake/status/1222071269962715141 …
-
-
It's all a disaster. I say that from the perspective of someone who came up against this over a decade ago (in-browser ebook reader) and now, at a company where SameSite=None is being liberally applied.
-
XHR/fetch should have had cookies stripped by default (and cross-origin limits removed) ages ago. There are other solutions to port/intranet scanning that could have been solved on the IT side rather than forcing every web dev to deal with the insane complexity.
- 8 more replies
New conversation -
-
-
It definitely is! https://github.com/WICG/origin-policy/blob/master/policy-format.md#cors-protocol … Doesn't really solve the whole problem, as the origin still needs to opt in. But at least they only opt in once. (Also, this eliminates any preflights after the first one, for if you're doing something more than a simple GET.)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.