Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Not release] HTTP Access-Control-Allow-Header can't be wildcarded for authorization directive #27230

Closed
10 tasks done
hamishwillee opened this issue Jun 9, 2023 · 3 comments
Closed
10 tasks done

[Not release] HTTP Access-Control-Allow-Header can't be wildcarded for authorization directive #27230

hamishwillee opened this issue Jun 9, 2023 · 3 comments
Assignees
@hamishwillee
Labels
Content:HTTP HTTP docs Firefox 115 Tasks related to the Firefox 115 release

Comments

@hamishwillee
Copy link
Collaborator

hamishwillee commented Jun 9, 2023
edited

Acceptance Criteria

  • The listed features are documented sufficiently on MDN
  • BCD is updated
  • Interactive example and data repos are updated if appropriate
  • The content has been reviewed as needed

For folks helping with Firefox related documentation

  • Set bugs to dev-doc-complete
  • Add entry to Firefox release notes if feature is enabled in release
  • Add entry to Firefox experimental features page if feature is not yet enabled in release

Features to document

I think we might need to add experimental feature behind pref: network.cors_preflight.authorization_covered_by_wildcard

# When the Access-Control-Allow-Headers is wildcard (*), whether to allow
# CORS-protected requests with the Authorization request header.
- name: network.cors_preflight.authorization_covered_by_wildcard

There is also https://bugzilla.mozilla.org/show_bug.cgi?id=1687364#c4 which indicates we might need to update Access-Control-Expose-Headers to remove comments around use of the authorization header.

Querying this in https://bugzilla.mozilla.org/show_bug.cgi?id=1687364#c41

Related Gecko bugs

https://bugzilla.mozilla.org/show_bug.cgi?id=1687364

Other

  • Check content open issues to see if any pertain to the subject matter. If there are any that can be closed because of the work, do so. If there are any that can be fixed relatively quickly because of the knowledge from completing this issue and you have time, feel free to go ahead and fix them.
  • Check if glossary updates are required for the feature you're documenting - whether an existing term needs to be updated or a new term should be added.
  • Check if BCD update means that content pages need to have experimental markup removed or deprecated markup added (front matter tags and macros).
@github-actions github-actions bot added the needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. label Jun 9, 2023
@hamishwillee hamishwillee changed the title Don't think anything needs to be done here, but worth a check https://bugzilla.mozilla.org/show_bug.cgi?id=1687364 [Not release] HTTP Access-Control-Allow-Header can't be wildcarded for authorization directive Jun 9, 2023
@hamishwillee hamishwillee self-assigned this Jun 9, 2023
@hamishwillee hamishwillee added Content:HTTP HTTP docs Firefox 115 Tasks related to the Firefox 115 release and removed needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. labels Jun 9, 2023
@hamishwillee hamishwillee mentioned this issue Jun 12, 2023
Merged
@hamishwillee
Copy link
Collaborator Author

hamishwillee commented Jun 12, 2023
edited

Situation pretty much as I thought: https://bugzilla.mozilla.org/show_bug.cgi?id=1687364#c42

Status:

This was referenced Jun 12, 2023
Merged
Merged
@mozfreddyb
Copy link

FWIW, this behavior is not going to ship with Firefox 115. It's going to be available behind a pref. We're estimating that this may cause compatibility issues and are currently debating a coordinated launch across browser vendors. whatwg/fetch#1278 has more.

@hamishwillee
Copy link
Collaborator Author

hamishwillee commented Jun 30, 2023
edited

Thanks very much @mozfreddyb. That has been captured in the compatibility table and experimental features already.

Note, I definitely do NOT want to discourage this kind of reminder though - I've missed preferenced changes before.

PS Added dev-docs-needed to https://bugzilla.mozilla.org/show_bug.cgi?id=1841019 so we'll get a hint when this ships.

@Rumyra Rumyra closed this as completed Jun 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hamishwillee hamishwillee

Labels
Content:HTTP HTTP docs Firefox 115 Tasks related to the Firefox 115 release
Projects
MDN Web Docs Content Team
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Rumyra @hamishwillee @mozfreddyb