RESOLVED DUPLICATE of bug 210326 Bug 189888
Change default credentials mode for module scripts from omit to same-origin 
https://bugs.webkit.org/show_bug.cgi?id=189888
Summary Change default credentials mode for module scripts from omit to same-origin
Dominic Farolino
Reported 2018-09-22 12:21:57 PDT
The HTML Standard is changing such that module scripts (<script type=module>), and their descendants are fetched with "same-origin" credentials mode [1]. This means credentials must be included on same-origin module scripts requests by default. See point (1) in the following HTML PR: https://github.com/whatwg/html/pull/3656#issuecomment-421589162. Some of the other points in that PR are pending spec finalization, and a separate issue should be filed for them. [1]: https://fetch.spec.whatwg.org/#concept-request-credentials-mode
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2018-09-26 13:25:21 PDT
<rdar://problem/44805666>
Domenic Denicola
Comment 2 2018-10-09 13:45:14 PDT
Spec change has now landed. See also #171550. Web platform tests were changed in https://github.com/web-platform-tests/wpt/pull/13176 , with some additional related tests for module workers in https://github.com/web-platform-tests/wpt/pull/11274 and some additional test coverage ideas for dynamic import in https://github.com/web-platform-tests/wpt/issues/13426
Anne van Kesteren
Comment 3 2024-03-17 08:07:24 PDT
*** This bug has been marked as a duplicate of bug 210326 ***
Note You need to log in before you can comment on or make changes to this bug.