Consider adding an "exclude credentials" flag to the URL serializer. #476
Labels
topic: model
For issues with the abstract-but-normative bits
Comments
|
Seems reasonable. I'm be a little worried about them surviving accidentally, but I should probably trust the callers. I haven't seen this pattern much myself, but perhaps I'm not stripping them as much as I should have... |
|
Does whatwg/fetch#1028 obsolete this? Or do we not always have a request? |
|
@mikewest ping. |
|
I think this isn't a thing anyone is working on, and it's not enough of a concern to make it anything like a priority. Let's close it out, and think about it again if we add another spot that strips credentials. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It seems to me that there are more than a few places where we strip username and password from a URL, then pass it to the URL serializer with the
exclude fragmentflag set. Perhaps we could simplify this by adding anexclude credentialsflag as well?Is that a patch you'd accept, @annevk?
The text was updated successfully, but these errors were encountered: