From b5a68d4b28d7ab440087df7086f45238fa7a85a6 Mon Sep 17 00:00:00 2001
From: Espen Hovlandsdal <espen@hovlandsdal.com>
Date: Mon, 18 Nov 2024 18:38:42 -0800
Subject: [PATCH] Add `Last-Event-ID` to CORS-safelisted request headers

Since EventSource implementations in most environments already send this header
without CORS preflight request, it makes sense to make it a safelisted header.

See #568
---
 fetch.bs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fetch.bs b/fetch.bs
index 3a684a945..bd6fcdf35 100644
--- a/fetch.bs
+++ b/fetch.bs
@@ -984,6 +984,7 @@ is a <dfn export>CORS-safelisted request-header</dfn>, run these steps:
 
   <dl class=switch>
    <dt>`<code>accept</code>`
+   <dt>`<code>last-event-id</code>`
    <dd>
     <p>If <var>value</var> contains a <a>CORS-unsafe request-header byte</a>, then return false.
 
@@ -9125,6 +9126,7 @@ Emily Stark,
 Eric Lawrence,
 Eric Orth,
 Feng Yu<!-- F3n67u; GitHub -->,
+Espen Hovlandsdal<!-- rexxars; GitHub -->,
 François Marier,
 Frank Ellerman,
 Frederick Hirsch,