by omgtehlion 816 days ago
Well, that constructor by default sends all the headers you have for your own domain and auth you are entitled to. This is how all other APIs in browsers work due to security and privacy concerns.

If you call to other domains, then this problem is no different to what we had with CORS years ago.

1 comments

> This is how all other APIs in browsers work due to security and privacy concerns

They're probably comparing it to the fetch and XHR APIs, which both allow custom headers.