"I want to make an image request"

[jakearchibald]

Browsers make requests differently depending on their context.

http://jsbin.com/yacar/1/quiet - here I'm request the same url, one using XHR and one using <img>. The browser cannot dedupe these as they have separate Accept headers.

When using fetch() and populating caches, it'd be useful to ask the browser to make the request as if it were for an "image" or a "font". These are terms we currently use for fetchEvent.context.

I propose we move .context onto Request objects, and allow it to be set in constructor. The initial value of "context" will affect headers in a way that's UA-specific (eg, Chrome Accepts image/webp, Firefox does not). Any user-set headers will take priority.

var req = new Request({
  url: '/whatever.png',
  context: "image"
});

req.headers.get('Accept') == "image/webp,*/*;q=0.8"; // in Chrome

[annevk]

That's an interesting idea, but should not affect fetch()'s CSP check. I'm not sure if that argues for having a distinct request's CSP context (and request's context can default to that unless otherwise specified).

[jakearchibald]

I guess the context would always be connect from CSP's point of view. That would be set by fetch() when it's passed a request object. Is that overloading "context" too much?

[jakearchibald]

If we use something like "context" for sensible defaults, it should also determine if the request should use CORS by default.

[devd]

This is cool.

Just to help my understanding: this is not just sugar for setting headers manually in the request initialization code? For, X-origin requests, currently changing the Accept header will make it a CORS request, right? But, you are saying "if you set the Accept header via this special context field, then we won't require a CORS preflight".

Do we try to enforce current policies once you use the context method? As an example, if I set context to "font", do you allow cross-origin requests? Currently, Firefox (and the spec) does not allow cross-origin font loads.

[jakearchibald]

CORS-or-not will be an option, but yeah, setting the "context" will give this value the correct default for the type. (as long as there aren't security issues, of course)

[annevk]

I think this needs to be explained more first, what exactly this would do. Currently we have not really explained at a Fetch level what headers UAs might add for various fetches.

[annevk]

I'm discussing this idea with @igrigorik in w3c/preload#17 (comment) at the moment. It's still not entirely clear to me what the division of labor needs to be, but hopefully once we have the answers to the questions in that thread, we can open some issues against https://github.com/whatwg/fetch to add new features.

[annevk]

Closing this in favor of whatwg/fetch#43.