Imprecise Access-Control-Request-Headers examples give practitioners false expectations #33313
Labels
Content:HTTP
HTTP docs
needs triage
Triage needed by staff and/or partners. Automatically applied when an issue is opened.
Comments
jub0bs
added
the
needs triage
This was referenced Apr 29, 2024
sideshowbarker
pushed a commit
that referenced
this issue
May 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
MDN URL
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers
What specific section or headline is this issue about?
Directives and Examples
What information was incorrect, unhelpful, or incomplete?
The text and examples are misleading about the laxity of the format that the Fetch standard imposes on the
Access-Control-Request-Headersheader. This lack of precision can trip practitioners up: rs/cors#176What did you expect to see?
The Fetch standard requires browsers to construct a sorted list of unique, comma-delimited, byte-lowercase tokens corresponding to the CORS-unsafe request-header names. The text and the examples should reflect that.
Do you have any supporting links, references, or citations?
Do you have anything more you want to share?
Other pages of MDN Web Docs are affected.
The text was updated successfully, but these errors were encountered: