Should the safelisted request header list still include Downlink?

[richardkmichael]

The current version of the Fetch Living Standard indicates Downlink is safelisted request header and links to Downlink in the HTTP Client Hints draft. However, Downlink has since been removed from the Client Hints. (merge, commit)

Should Downlink be removed from the safelisted request headers; or, should the Fetch LS link to the NetInfo API (here)? (Although, there it is an attribute, and not a header.)

(FWIW I'm not following any of the WG draft discussion, but rather, came across this after reading then wanting to update the MDN CORS documentation. Also, somewhat related, Last-Event-Id is also listed on MDN as a safelisted request header, although it still appears to be forthcoming in Fetch LS.)

[annevk]

Thanks!

@igrigorik thoughts?

[igrigorik]

The intent in httpwg/http-extensions@b814322 was to move the definition to NetInfo spec, but that hasn't landed, WIP: WICG/netinfo#46.

With Accept-CH-Lifetime landing we should be unblocked from making progress on above now. I propose we keep this open and resolve it by updating Fetch spec to point to NetInfo dfn's once that lands.

[annevk]

Merging this into #726 as Client Hints has been removed for now. That issue will work adding it back at which point we can decide how it should affect CORS.