24375 2014-01-23 19:25:33 +0000 Explain why redirects are atomic 2014-05-19 12:39:41 +0000 1 1 1 Unclassified WHATWG Fetch unspecified PC All RESOLVED FIXED P2 normal Unsorted 1 annevk annevk mike sideshowbarker+fetchspec oldest_to_newest 98954 0 annevk 2014-01-23 19:25:33 +0000 If we expose redirects a same-origin request with a httponly cookie that redirects with some credentials to a cross-origin URL could be exposed and would make existing services less secure. Jonas Sicking brought this up 23 Jan 2014. Apparently this was a problem when Gecko did not return a network error from XMLHttpRequest for that scenario but instead returned the redirect response. 98955 1 annevk 2014-01-23 19:25:55 +0000 See also https://github.com/slightlyoff/ServiceWorker/issues/47#issuecomment-33158765 106335 2 annevk 2014-05-19 12:39:41 +0000 https://github.com/whatwg/fetch/commit/c62ca3cf40c6f7cef2d2e423185b7d1ffed89eb9