28343 2015-03-26 14:33:15 +0000 "manual redirect flag" 2015-03-27 12:31:56 +0000 1 1 1 Unclassified WHATWG Fetch unspecified PC Linux RESOLVED FIXED P2 normal Unsorted 1 mkwst annevk bkelly d jaffathecake jonathan mike sideshowbarker+fetchspec oldest_to_newest 118957 0 mkwst 2015-03-26 14:33:15 +0000 https://fetch.spec.whatwg.org/#concept-request-manual-redirect-flag [[ manual redirect flag ]] It would be nice if we had a mechanism of setting this (or anything like it) when calling into `fetch()`. This would give us the ability to mitigate certain risks by ensuring that data meant for one location isn't accidentally redirected to another. 118958 1 annevk 2015-03-26 14:43:25 +0000 Tentative proposal: errorOnRedirect = false as we cannot expose redirects directly which the "manual redirect flag" does (and is needed for internal algorithms such as "navigate"). When this property is set we'd set the manual redirect flag and reject with a TypeError if a redirect of sorts is returned. It will also be reflected on Request of course. 118959 2 mkwst 2015-03-26 14:49:37 +0000 Sounds fine to me. My only requirement is the ability to assert that a particular request will touch _only_ a specific URL, and will otherwise fail. I'm happy with any mechanism you're happy with that achieves that result. [insert questions about service workers here] 118960 3 annevk 2015-03-26 14:53:54 +0000 Oh, you want to make such an assertion from a document with a service worker not being able to affect it? Because that would be impossible as far as I can tell. 118961 4 mkwst 2015-03-26 15:00:57 +0000 (In reply to Anne from comment #3) > Oh, you want to make such an assertion from a document with a service worker > not being able to affect it? Because that would be impossible as far as I > can tell. If it wasn't impossible, yes! I'd love that! :) 118976 5 annevk 2015-03-27 10:13:12 +0000 Manual redirect flag is now a mode: https://github.com/whatwg/fetch/commit/83981498175633510878ebf97077ec632ceedc29 My plan is to expose "follow" and "error" to JavaScript and leave "manual" for HTML's navigate algorithm and any future controlled request context algorithms. Judging from RequestInit today, it would be something like: .redirect = "error" 118979 6 annevk 2015-03-27 12:29:42 +0000 *** Bug 26238 has been marked as a duplicate of this bug. *** 118980 7 annevk 2015-03-27 12:31:56 +0000 https://github.com/whatwg/fetch/commit/b6b4f87048020cda6237ca4af02df62d43f99765