registerForeignFetch({ origins, scope }) optional

[DanielHerr]

The foreign fetch scopes and origins should be optional. This wouldnt be a security concern because the SW is already explicitly intending to handle foreign fetches.

[jakearchibald]

I'm in favour of removing this part of the API. As you say, it's explicit in the event handler, and adding an additional level of scoping seems confusing.

@mkruisselbrink - am I missing something about this API?

[annevk]

Well, we wanted to keep the model that CORS has around to some extent. CORS requires an origin.

[jakearchibald]

You already have to provide the origin in the response. It kinda feels redundant in registerForeignFetch.

[annevk]

Although currently origin is not required there (there being respondWith()), I guess that's a bug. Agreed that it could have a sensible default here.

[jakearchibald]

If you don't provide an origin, the returned response is always opaque.

[jakearchibald]

Closing due to removing foreign fetch.