Response.redirected and a new security restriction

- Add .redirected attribute to Response class of Fetch API. Web developers can check it to avoid untrustworthy responses. - To avoid the risk of open redirectors ( introduce a new security restriction which disallows service workers to respond to requests with a redirect mode different from "follow".


Safari has shipped Fetch API and Response.redirected attribute in Technology Preview. But not shipped Service Worker. Edge has shipped Fetch API. But not shipped Response.redirected attribute and Service Worker.



Established standard

Status in Chromium

Enabled by default (launch bug) in:

  • Chrome for desktop release 57
  • Chrome for Android release 57
  • Android WebView release 57
  • Opera release 44
  • Opera for Android release 44

Consensus & Standardization

  • Shipped
  • No public signals
  • Shipped
  • No signals


Last updated on 2017-01-12