Skip to content

Commit

Permalink
Update explainer.md about CORS safelisted checks
Browse files Browse the repository at this point in the history 
We will skip CORS safelisted checks if the preflight is only sent for PNA (i.e. would not have been set if it weren't for PNA).
  • Loading branch information
@johnathan79717
johnathan79717 authored Feb 5, 2024
1 parent e36babb commit 190f5d7
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion explainer.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,8 @@ Private network requests are handled differently than others, like so:
blocked.
- Otherwise, the original request is preceded by a
[CORS pre-flight request](https://fetch.spec.whatwg.org/#cors-preflight-request).
- There are no exceptions for CORS safelisting.
- CORS safelisting checks are skipped if the CORS preflight is only sent for PNA.
(i.e. it would not have been sent without PNA)
- The pre-flight request carries an additional
`Access-Control-Request-Private-Network: true` header.
- The response must carry an additional
Expand Down

0 comments on commit 190f5d7

Please sign in to comment.