
Response.redirected and a new security restriction

Category
Service Worker
Type
New or changed feature
Status
Enabled by default (Chrome 59)
Intent stage
None

Summary

- Add a .redirected attribute to the Response class of the Fetch API. Web developers can check it to avoid untrustworthy responses.
- To avoid the risk of open redirectors (https://cwe.mitre.org/data/definitions/601.html), introduce a new security restriction that disallows service workers from responding to requests whose redirect mode is not "follow" with a redirected response.
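As an added example (not code from the chromestatus page or from Chromium), the following service worker logic models the restriction above and uses Response.redirected to reject redirected responses whose final origin is not on a hypothetical allow-list; the pure checks take plain objects so they also run outside a worker.

```javascript
// Added example (not from the chromestatus page): a fetch handler that honours
// the Chrome 59 restriction and uses Response.redirected defensively.
// Assumed: hypothetical allow-list ALLOWED_ORIGINS; plain objects stand in for
// Request/Response in the pure checks so they also run outside a worker.

// The restriction modelled: a response with .redirected === true may only
// answer a request whose redirect mode is "follow". Navigations default to
// "manual", so a redirected fetch() result can never answer a navigation.
function isResponseAllowed(request, response) {
  if (!response.redirected) return true;
  return request.redirect === 'follow';
}

// Defence on top of the restriction: if the response was redirected, accept it
// only when its final URL lands on an allow-listed origin. This is the
// open-redirector (CWE-601) check that .redirected makes possible.
function acceptFinalUrl(response, allowedOrigins) {
  if (!response.redirected) return true;
  let origin;
  try {
    origin = new URL(response.url).origin;
  } catch (e) {
    return false; // unparsable final URL: treat as untrustworthy
  }
  return allowedOrigins.includes(origin);
}

// Returns the response to hand to respondWith(), or null to block it.
function chooseResponse(request, response, allowedOrigins) {
  if (!isResponseAllowed(request, response)) return null;
  if (!acceptFinalUrl(response, allowedOrigins)) return null;
  return response;
}

// Service worker wiring; only runs inside a worker global (skipped in Node).
if (typeof self !== 'undefined' && typeof self.addEventListener === 'function') {
  const ALLOWED_ORIGINS = [self.location.origin]; // hypothetical policy
  self.addEventListener('fetch', (event) => {
    event.respondWith((async () => {
      const res = await fetch(event.request);
      const chosen = chooseResponse(event.request, res, ALLOWED_ORIGINS);
      // Blocked responses become an explicit network error rather than being
      // passed through (the browser would reject the disallowed case anyway).
      return chosen || Response.error();
    })());
  });
}
```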

Standards & signals

Docs:
- Public standards discussion: https://github.com/whatwg/fetch/issues/79
- Spec of Response.redirected: https://fetch.spec.whatwg.org/#dom-response-redirected
- Spec change: https://github.com/whatwg/fetch/commit/e54f6bd1e75f46cd4b8202f5ee3bfa68e9ded906
- MDN: https://developer.mozilla.org/en-US/docs/Web/API/Response/redirected
