Origin Header: Firefox sent it for POST requests since v59

[chtitux]

No description provided.

[Elchi3]

@chrisdavidmills can you review this, given you handled the ddn a while ago? https://bugzilla.mozilla.org/show_bug.cgi?id=446344#c113

[chrisdavidmills]

This isn't quite right. When I went through trying to document this, I eventually found out that the Origin header is sent with non-CORS requests since Fx59, unless they are GET or HEAD (see https://bugzilla.mozilla.org/show_bug.cgi?id=446344#c117).

You also need to add to the BCD to mention this is currently behind a pref (see https://bugzilla.mozilla.org/show_bug.cgi?id=1424076).

Thanks for working on this!

[saschanaz]

How about:

             "firefox": [
               {
                 "version_added": 59
               },
               {
                 "version_added": true,
                 "partial_implementation": true,
                 "notes": "Not sent with <code>POST</code> requests until Firefox 58, see <a href='https://bugzil.la/446344'>bug 446344</a>."
               }
             ]

[Elchi3]

@chrisdavidmills would this work for you?

[saschanaz]

My suggestion misses the required pref and should also be revised as "Not sent with same-origin POST".

[chrisdavidmills]

For the 59 information, sdd the pref, and also add a note long the lines of "sent with non-CORS requests since Fx59, unless they are GET or HEAD"

[Elchi3]

I've updated this. Does it look good to you now, @chrisdavidmills?

[chrisdavidmills]

I think this looks better, yes. It's not great, as this is an annoying complex bit of information to represent. But I don't think we'll get it much better.

[chrisdavidmills]

Thanks for your work all.