Skip to content

Fetch: Cross-Origin Requests #141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Dec 23, 2019
Merged

Fetch: Cross-Origin Requests #141

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions 5-network/05-fetch-crossorigin/1-do-we-need-origin/solution.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
We need `Origin`, because sometimes `Referer` is absent. For instance, when we `fetch` HTTP-page from HTTPS (access less secure from more secure), then there's no `Referer`.
Nous avons besoin de `Origin`, car parfois `Referer` est absent. Par exemple, lorsque nous faisons un `fetch` de la page HTTP à partir de la page HTTPS (accès moins sécurisé de plus sécurisé), il n'y a pas de `Referer`.

The [Content Security Policy](http://en.wikipedia.org/wiki/Content_Security_Policy) may forbid sending a `Referer`.
Le [Content Security Policy](http://en.wikipedia.org/wiki/Content_Security_Policy) peut interdire l'envoi d'un `Referer`.

As we'll see, `fetch` has options that prevent sending the `Referer` and even allow to change it (within the same site).
Comme nous le verrons, `fetch` a des options qui empêchent d'envoyer le` Referer` et permettent même de le changer (dans le même site).

By specification, `Referer` is an optional HTTP-header.
Par spécification, `Referer` est un en-tête HTTP facultatif.

Exactly because `Referer` is unreliable, `Origin` was invented. The browser guarantees correct `Origin` for cross-origin requests.
Précisément parce que `Referer` n'est pas fiable, `Origin` a été inventé. Le navigateur garantit une origine correcte pour les requêtes cross-origin.
14 changes: 7 additions & 7 deletions 5-network/05-fetch-crossorigin/1-do-we-need-origin/task.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@ importance: 5

---

# Why do we need Origin?
# Pourquoi avons-nous besoin d'Origin ?

As you probably know, there's HTTP-header `Referer`, that usually contains an url of the page which initiated a network request.
Comme vous le savez probablement, il y a un en-tête HTTP `Referer`, qui contient généralement une URL de la page qui a initié une requête réseau.

For instance, when fetching `http://google.com` from `http://javascript.info/some/url`, the headers look like this:
Par exemple, lors de la récupération de `http://google.com` à partir de `http://javascript.info/some/url`, les en-têtes ressemblent à ceci :

```
Accept: */*
Expand All @@ -20,9 +20,9 @@ Referer: http://javascript.info/some/url
*/!*
```

As you can see, both `Referer` and `Origin` are present.
Comme vous pouvez le voir, `Referer` et `Origin` sont présents.

The questions:
Questions :

1. Why `Origin` is needed, if `Referer` has even more information?
2. Is it possible that there's no `Referer` or `Origin`, or is it incorrect?
1. Pourquoi `Origin` est nécessaire, si `Referer` a encore plus d'informations ?
2. Est-il possible qu'il n'y ait pas de `Referer` ou `Origin`, ou est-ce incorrect ?
Loading