| Field | Value |
|---|---|
| Summary | crossorigin="anonymous" resource loads are anonymous even for same-origin |
| Product | WebKit |
| Component | Page Loading |
| Status | RESOLVED DUPLICATE |
| Severity | Normal |
| Priority | P2 |
| Version | WebKit Nightly Build |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Patrick Toomey <ptoomey3> |
| Assignee | Daniel Bates <dbates> |
| CC | achristensen, beidson, buildbot, cdumez, dbates, dpaddock, hallo, japhet, kj.kim, ljharb, ptoomey3, sean, webkit-bug-importer, wilander, youennf, ysuzuki |
| Keywords | InRadar |
| See Also | https://bugs.webkit.org/show_bug.cgi?id=171550 |

Description
Patrick Toomey
2017-05-02 13:37:48 PDT
Thanks for filing this bug. We should set credential mode to same-origin in that case, which I believe would do what you are suggesting. Will try to look at it further. Are you seeing that for other resource types?

Created attachment 309016
Patch

Three years later and it's still grinding my gears

@Christian Haller, I believe we have fixed this issue. Testing https://infinite-bayou-16019.herokuapp.com/, it seems to work. From code inspection, we are now correctly setting FetchOptions::Credentials::SameOrigin for anonymous loads. Would you be able to provide a jsfiddle with your issue? I'll close this bug for now. Please reopen it if you think this issue is not solved or create a new bug if this is actually a different issue.

Yes, this is fixed in https://trac.webkit.org/changeset/260038/webkit, and in STP 105 https://webkit.org/blog/10428/release-notes-for-safari-technology-preview-105/

*** This bug has been marked as a duplicate of bug 210326 ***

Nice, it works in Safari Technology Preview 106 👍🏻😍
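
As an added example (not part of the bug thread and not WebKit code), the following sketch models the credentials decision discussed above: `crossorigin="anonymous"` should yield credentials mode "same-origin", so same-origin loads still carry cookies, whereas the behaviour in the bug summary sent none. The function names and the `app.example` / `cdn.example` URLs are assumptions made for illustration.

```javascript
// Model of how the crossorigin attribute decides whether credentials (cookies)
// accompany a subresource request, following HTML's CORS settings attribute
// states and Fetch's credentials modes. Added illustration, not WebKit code;
// all names are hypothetical. Cookie-level policy (e.g. SameSite) is ignored.

// Map the raw attribute value to its CORS settings state. An empty or
// unrecognised value falls back to the Anonymous state.
function corsState(attr) {
  if (attr === null || attr === undefined) return "no-cors"; // attribute absent
  return attr.toLowerCase() === "use-credentials" ? "use-credentials" : "anonymous";
}

// Credentials mode per state: Anonymous -> "same-origin", others -> "include".
function credentialsMode(state) {
  return state === "anonymous" ? "same-origin" : "include";
}

function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin; // scheme + host + port
}

// Expected behaviour: "same-origin" mode sends credentials only to the page's origin.
function sendsCredentials(attr, pageUrl, resourceUrl) {
  const mode = credentialsMode(corsState(attr));
  return mode === "include" || sameOrigin(pageUrl, resourceUrl);
}

// Behaviour in the bug summary: anonymous loads carry no credentials at all.
function sendsCredentialsBuggy(attr, pageUrl, resourceUrl) {
  if (corsState(attr) === "anonymous") return false;
  return sendsCredentials(attr, pageUrl, resourceUrl);
}

// Constructed sample page and resource URLs.
const page = "https://app.example/dashboard";
const cases = [
  ["anonymous", "https://app.example/assets/app.js"], // same origin
  ["anonymous", "https://cdn.example/lib.js"],        // cross origin
  ["", "https://app.example:8443/app.js"],            // other port = other origin
  ["use-credentials", "https://cdn.example/lib.js"],
  [null, "https://cdn.example/lib.js"],               // no crossorigin attribute
];
function report() {
  return cases.map(([attr, url]) => ({ attr, url,
    spec: sendsCredentials(attr, page, url),
    buggy: sendsCredentialsBuggy(attr, page, url) }));
}
console.table(report());
```

Only the first row differs between the two columns: a same-origin asset requested with `crossorigin="anonymous"` that sits behind cookie authentication fails to load under the buggy behaviour.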