New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Origin Header: Firefox sent it for POST requests since v59 #2943

Merged
merged 2 commits into from Oct 30, 2018

Conversation

Projects
None yet
4 participants
@chtitux
Contributor

chtitux commented Oct 9, 2018

No description provided.

@Elchi3 Elchi3 requested a review from chrisdavidmills Oct 10, 2018

@Elchi3

This comment has been minimized.

Member

Elchi3 commented Oct 10, 2018

@chrisdavidmills can you review this, given you handled the ddn a while ago? https://bugzilla.mozilla.org/show_bug.cgi?id=446344#c113

@chrisdavidmills

This isn't quite right. When I went through trying to document this, I eventually found out that the Origin header is sent with non-CORS requests since Fx59, unless they are GET or HEAD (see https://bugzilla.mozilla.org/show_bug.cgi?id=446344#c117).

You also need to add to the BCD to mention this is currently behind a pref (see https://bugzilla.mozilla.org/show_bug.cgi?id=1424076).

Thanks for working on this!

@@ -20,7 +20,7 @@
},
"firefox": {

This comment has been minimized.

@saschanaz

saschanaz Oct 18, 2018

Contributor

How about:

             "firefox": [
               {
                 "version_added": 59
               },
               {
                 "version_added": true,
                 "partial_implementation": true,
                 "notes": "Not sent with <code>POST</code> requests until Firefox 58, see <a href='https://bugzil.la/446344'>bug 446344</a>."
               }
             ]

This comment has been minimized.

@Elchi3

Elchi3 Oct 29, 2018

Member

@chrisdavidmills would this work for you?

This comment has been minimized.

@saschanaz

saschanaz Oct 29, 2018

Contributor

My suggestion misses the required pref and should also be revised as "Not sent with same-origin POST".

This comment has been minimized.

@chrisdavidmills

chrisdavidmills Oct 29, 2018

Contributor

For the 59 information, sdd the pref, and also add a note long the lines of "sent with non-CORS requests since Fx59, unless they are GET or HEAD"

This comment has been minimized.

@Elchi3

Elchi3 Oct 30, 2018

Member

I've updated this. Does it look good to you now, @chrisdavidmills?

@chrisdavidmills

I think this looks better, yes. It's not great, as this is an annoying complex bit of information to represent. But I don't think we'll get it much better.

@chrisdavidmills chrisdavidmills merged commit 47f1979 into mdn:master Oct 30, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
@chrisdavidmills

This comment has been minimized.

Contributor

chrisdavidmills commented Oct 30, 2018

Thanks for your work all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment