Bug 171550

Summary: Same-origin module scripts should be requested with credentials if the crossorigin attribute is present
Product: WebKit Reporter: Jake Archibald <jaffathecake>
Component: DOMAssignee: Yusuke Suzuki <ysuzuki>
Status: NEW ---    
Severity: Normal CC: cdumez, fpizlo, ggaren, manian, rniwa, webkit-bug-importer, wilander, ysuzuki
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=171566

Description Jake Archibald 2017-05-02 06:57:33 PDT
https://module-script-tests-zoelmqooyv.now.sh/cookie-page

Same-origin module scripts should be requested with credentials if the crossorigin attribute is present. The output of the above page should be:

No random number cookie found.
Random number cookie is: 0.30567383219441924
Random number cookie is: 0.30567383219441924

But in Safari it's:

No random number cookie found.
No random number cookie found.
Random number cookie is: 0.6591200076403063

(Obviously your random number will be different).
Comment 1 Radar WebKit Bug Importer 2018-02-21 13:08:56 PST
<rdar://problem/37757892>