module's default cross-origin value should be "same-origin"
Created attachment 396064 [details] Patch
<rdar://problem/51729982>
Created attachment 396228 [details] Patch
Created attachment 396233 [details] Patch
Comment on attachment 396233 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=396233&action=review > Source/WebCore/ChangeLog:10 > + The original spec was using "omit" crossorigin for modules when crossorigin is not set / empty. > + However, the spec is changed to sending requests with "same-origin" credentials mode by default. > + We should follow it. Given the way "same-origin" is specified is as "anonymous", I think clarifying that in the change log would help make things clearer. > Source/WebCore/ChangeLog:17 > + * dom/ScriptElement.cpp: > + (WebCore::ScriptElement::requestModuleScript): > + * dom/ScriptElementCachedScriptFetcher.cpp: > + (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript const): > + * html/parser/HTMLResourcePreloader.cpp: > + (WebCore::PreloadRequest::resourceRequest): Its unfortunate this is in three places. Any ideas about how we could refactor to have a single place implementing this part of the spec?
Comment on attachment 396233 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=396233&action=review Thanks! >> Source/WebCore/ChangeLog:10 >> + We should follow it. > > Given the way "same-origin" is specified is as "anonymous", I think clarifying that in the change log would help make things clearer. Fixed. >> Source/WebCore/ChangeLog:17 >> + (WebCore::PreloadRequest::resourceRequest): > > Its unfortunate this is in three places. Any ideas about how we could refactor to have a single place implementing this part of the spec? Sounds nice, I'll put this string as ScriptElementCachedScriptFetcher::defaultCrossOriginModeForModule to share.
Created attachment 396245 [details] Patch
Created attachment 396246 [details] Patch
Committed r260003: <https://trac.webkit.org/changeset/260003>
*** Bug 171550 has been marked as a duplicate of this bug. ***
Re-opened since this is blocked by bug 210441
Created attachment 396316 [details] Patch
Comment on attachment 396316 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=396316&action=review > Source/WebCore/ChangeLog:12 > + C++ part is not changed. Just rewrite tests with cookie instead of basic-authentication since basic-authentication-based tests hit some existing crashes in WK2-Debug bots.
Thanks Sam! I'll land it once I checked that EWS is green.
Bots are green. Landing.
Committed r260038: <https://trac.webkit.org/changeset/260038>
*** Bug 206811 has been marked as a duplicate of this bug. ***
*** Bug 171566 has been marked as a duplicate of this bug. ***
*** Bug 189888 has been marked as a duplicate of this bug. ***