Add Last-Event-ID to CORS-safelisted request headers

Since EventSource implementations in most environments already send this header without CORS preflight request, it makes sense to make it a safelisted header. See #568
whatwg · Nov 19, 2024 · 7a0ead3 · 7a0ead3
1 parent bdb452e
commit 7a0ead3
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/fetch.bs b/fetch.bs
@@ -984,6 +984,7 @@ is a <dfn export>CORS-safelisted request-header</dfn>, run these steps:
 
   <dl class=switch>
    <dt>`<code>accept</code>`
+   <dt>`<code>last-event-id</code>`
    <dd>
     <p>If <var>value</var> contains a <a>CORS-unsafe request-header byte</a>, then return false.
 
@@ -9089,6 +9090,7 @@ Ehsan Akhgari,
 Emily Stark,
 Eric Lawrence,
 Eric Orth,
+Espen Hovlandsdal,
 François Marier,
 Frank Ellerman,
 Frederick Hirsch,