Bug 189888
Field | Value
---|---
Summary | Change default credentials mode for module scripts from omit to same-origin
Product | WebKit
Component | DOM
Status | RESOLVED DUPLICATE
Severity | Normal
Priority | P2
Version | Safari 11
Hardware | Unspecified
OS | Unspecified
Reporter | Dominic Farolino <domfarolino>
Assignee | Nobody <webkit-unassigned>
CC | achristensen, annevk, cdumez, d, fpizlo, webkit-bug-importer, youennf, ysuzuki
Keywords | InRadar

Dominic Farolino
The HTML Standard is changing such that module scripts (<script type=module>) and their descendants are fetched with "same-origin" credentials mode [1]. This means credentials must be included on same-origin module script requests by default. See point (1) in the following HTML PR: https://github.com/whatwg/html/pull/3656#issuecomment-421589162. Some of the other points in that PR are pending spec finalization, and a separate issue should be filed for them.
[1]: https://fetch.spec.whatwg.org/#concept-request-credentials-mode
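
A small model of the change requested above, as an added example that is not part of the original report or WebKit's code: it maps a module script's crossorigin attribute to a credentials mode under the old default (omit) and the new one (same-origin), then applies Fetch's rule for when credentials are sent. The function names and sample URLs are constructed for illustration, and redirects are ignored.

```javascript
// Added illustration; function names are hypothetical, not WebKit or spec identifiers.

// HTML "CORS settings attribute" state for a crossorigin value (null = attribute absent).
// Empty and unrecognised values fall back to the Anonymous state.
function corsState(crossorigin) {
  if (crossorigin === null || crossorigin === undefined) return "no-cors";
  return crossorigin.toLowerCase() === "use-credentials" ? "use-credentials" : "anonymous";
}

// Credentials mode used to fetch a module script and its descendants.
// legacy=true models the old default ("omit") that this bug asks to change.
function moduleCredentialsMode(crossorigin, legacy = false) {
  switch (corsState(crossorigin)) {
    case "no-cors": return legacy ? "omit" : "same-origin";
    case "anonymous": return "same-origin";
    default: return "include";
  }
}

// Fetch: credentials go out for "include", or for "same-origin" when the
// script URL has the same origin as the document (simplified: no redirects).
function sendsCredentials(mode, documentURL, scriptURL) {
  const sameOrigin =
    new URL(documentURL).origin === new URL(scriptURL, documentURL).origin;
  return mode === "include" || (mode === "same-origin" && sameOrigin);
}

// For each script tag, report whether cookies are sent before and after the change.
function audit(documentURL, scripts) {
  return scripts.map(({ src, crossorigin }) => {
    const before = sendsCredentials(moduleCredentialsMode(crossorigin, true), documentURL, src);
    const after = sendsCredentials(moduleCredentialsMode(crossorigin, false), documentURL, src);
    return { src, crossorigin, before, after, changed: before !== after };
  });
}

// Constructed sample page and <script type=module> tags.
const SAMPLE = [
  { src: "/js/app.mjs", crossorigin: null },
  { src: "/js/app.mjs", crossorigin: "anonymous" },
  { src: "https://cdn.example/lib.mjs", crossorigin: null },
  { src: "https://cdn.example/lib.mjs", crossorigin: "use-credentials" },
];
console.table(audit("https://app.example/index.html", SAMPLE));
```

Only the first row changes: a same-origin module script with no crossorigin attribute, which is the case to review where module endpoints sit behind cookie-based access control.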
Radar WebKit Bug Importer
<rdar://problem/44805666>
Domenic Denicola
Spec change has now landed. See also #171550.
Web platform tests were changed in https://github.com/web-platform-tests/wpt/pull/13176, with some additional related tests for module workers in https://github.com/web-platform-tests/wpt/pull/11274 and some additional test coverage ideas for dynamic import in https://github.com/web-platform-tests/wpt/issues/13426.
Anne van Kesteren
*** This bug has been marked as a duplicate of bug 210326 ***