Only thing I could think that he might've been referring to is: https://github.com/w3c/ServiceWorker/blob/master/foreign_fetch_explainer.md … 
-
-
Replying to @hichaelmart @mikeal
And that's very CORS like — the remote server has to opt into revealing data. My money's on misunderstanding fetch(url, {mode: 'no-cors'});
1 reply 0 retweets 3 likes -
In which case I'll leave this here https://jakearchibald.com/2015/thats-so-fetch/#no-cors-and-opaque-responses …
1 reply 1 retweet 5 likes -
Replying to @jaffathecake @hichaelmart
Ugh, yes, did misunderstand, this is just as useless as always. Why can't we have foreign requests exclude credentials and tracking.
1 reply 0 retweets 1 like -
We can... Use a proxy. Oh? We should build one into the browser, you say? Under whose control?
2 replies 0 retweets 0 likes -
Native applications can do this without a proxy, why do we require additional infrastructure overhead for the web to have parity?
3 replies 0 retweets 2 likes -
That's basically the least compelling security argument ever offered.
2 replies 0 retweets 1 like -
Replying to @slightlylate @domenic and
Also, an open proxy for your application is another security nightmare, just not the browsers problem and pushed on the developer.
1 reply 0 retweets 0 likes -
Replying to @mikeal @slightlylate and
Yes... It's almost as if the ability to make arbitrary requests anywhere is a power we shouldn't just give out to everybody... Funny, that.
1 reply 0 retweets 0 likes -
Replying to @domenic @slightlylate and
I disagree with this sentiment entirely.
1 reply 0 retweets 1 like
(btw, I'm not defending CORS in general; it *is* a problem)
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.