Replace Sec-FedCM-CSRF with Sec-Fetch-Dest #353
Labels
compatibility risk
Issues that may lead to backwards compatibility problems
Comments
This was referenced Sep 27, 2022
cbiesinger
added a commit
to cbiesinger/webappsec-csp
that referenced
this issue
Sep 30, 2022
This is being added to fetch in whatwg/fetch#1495 See also issue w3c-fedid/FedCM#353 and w3c-fedid/FedCM#320
samuelgoto
added
the
compatibility risk
mikewest
pushed a commit
to w3c/webappsec-csp
that referenced
this issue
Oct 5, 2022
This is being added to fetch in whatwg/fetch#1495 See also issue w3c-fedid/FedCM#353 and w3c-fedid/FedCM#320
|
I hope this is now considered resolved? (Though using "webidentity" sans hyphen.) |
|
Yes thanks! https://fedidcg.github.io/FedCM/ does set the destination to webidentity thanks to npm. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Instead of introducing a new header Sec-FedCM-CSRF, I propose that we instead use the existing
Sec-Fetch-Destheader with a new valueweb-identity, matching the root manifest's filename (.well-known/web-identity, https://fedidcg.github.io/FedCM/#check-the-root-manifest)@bvandersloot-mozilla fyi
The text was updated successfully, but these errors were encountered: