Open
Description
Taken from Web Security Basics by htmx dot org: "Only call routes you control".
The fetch API supports a mode same-origin. If this mode were the default, this best practice would be enforced automatically. This issue suggests adding a single line to the core library, mode: "same-origin", to the initializer of the cfg object.
An extension which will unset this property ought to be provided in the README. This allows people to opt in to the lax model. This is needed to support use of fixi where multiple origins host one application: fx-action="my-beta.domain.com/resource".
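What the proposed default would change for different fx-action values, as an added example that is not fixi's code or part of the issue. It models the browser's same-origin check with the standard URL API; `planRequest`, `PROPOSED_DEFAULTS`, `PAGE_URL` and the sample actions are constructed for illustration.

```javascript
// Added illustration, not fixi source. All names and the page URL are constructed.
const PAGE_URL = "https://app.example.test/dashboard";

// The default the issue proposes for the cfg object.
const PROPOSED_DEFAULTS = { mode: "same-origin" };

// Model what the browser decides for one fx-action value.
// overrides: what an opt-out extension would set on cfg
// ({ mode: undefined } stands for "unset the property").
function planRequest(action, pageUrl, overrides = {}) {
  const cfg = { ...PROPOSED_DEFAULTS, ...overrides };
  const mode = cfg.mode ?? "cors";          // fetch() uses "cors" when mode is unset
  const target = new URL(action, pageUrl);  // resolved against the page URL
  const sameOrigin = target.origin === new URL(pageUrl).origin;
  // In "same-origin" mode a cross-origin URL makes fetch() reject with a
  // TypeError and no request is sent. In "cors" mode the request is sent
  // and CORS decides whether the response is readable.
  return {
    url: target.href,
    mode,
    sameOrigin,
    sent: sameOrigin || mode !== "same-origin",
  };
}

// Constructed sample actions, including the scheme-less form from the issue text.
const samples = [
  "/api/items",                           // relative path
  "https://app.example.test:8443/items",  // same host, different port
  "https://my-beta.domain.com/resource",  // absolute URL on another origin
  "//my-beta.domain.com/resource",        // protocol-relative, another origin
  "my-beta.domain.com/resource",          // no scheme: resolves as a relative path
];

for (const action of samples) {
  console.log(action, planRequest(action, PAGE_URL));
  console.log("  opted out:", planRequest(action, PAGE_URL, { mode: undefined }).sent);
}
```

Origin comparison covers scheme, host and port, so the `:8443` sample is refused under the proposed default. A value without a scheme or leading `//` resolves as a path on the page's own origin.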