Worker: Change the default credentials option from 'omit' to 'same-origin' #11274

Merged
merged 1 commit into from Jun 1, 2018

chromium-wpt-export-bot commented May 31, 2018

This is a follow-up for the spec change:
whatwg/html#3656

Note that ES Modules for dedicated workers is still behind the flag and this
change doesn't affect applications in the real world.

Bug: 848247
Change-Id: I25083f3f11f9d13663e16e2f4c137095e9b12b01
Reviewed-on: https://chromium-review.googlesource.com/1080668
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org>
Cr-Commit-Position: refs/heads/master@{#563465}

@wpt-pr-bot

Already reviewed downstream.

Worker: Change the default credentials option from 'omit' to 'same-origin'

@chromium-wpt-export-bot chromium-wpt-export-bot merged commit 72c7cfe into master Jun 1, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
@chromium-wpt-export-bot chromium-wpt-export-bot deleted the chromium-export-cl-1080668 branch Jun 1, 2018

domenic added a commit to whatwg/html that referenced this pull request Oct 9, 2018

Change how module scripts are fetched
* Module scripts are always fetched with request credentials mode
  "same-origin" by default, instead of the previous default of "omit".
  Only worker module scripts can still set that to "omit", using the
  credentials option to the Worker constructor. Non-worker module
  scripts, which only have the crossorigin="" attribute available, can
  only toggle between "same-origin" and "include", similar to how
  crossorigin="" works for other platform features.
* Similarly, import() statements inside of classic scripts now use the
  "same-origin" credentials mode, instead of "omit". This affects both
  <script> elements, where the default can be changed using
  crossorigin="", and other contexts like javascript: URLs and classic
  worker scripts, where the default cannot be changed.
* The top-level script for module workers is always fetched with request
  mode "same-origin". Cross-origin workers did not quite work due to
  service workers.

Fixes #2557. Fixes #3109.

Tests:

* web-platform-tests/wpt#11274
* web-platform-tests/wpt#13176
* web-platform-tests/wpt#13426
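
A small model of the credentials rules listed in the commit message above, added here as an illustration; it is not code from the HTML spec, Chromium or the WPT tests. The function names, the `kind` labels, the `legacy` switch and the `https://app.example` origins used to exercise it are assumptions made for the example.

```javascript
// Added illustration, not browser or spec code. All names here are hypothetical.
const MODES = ['omit', 'same-origin', 'include'];

// Resolve the request credentials mode used to fetch a module script.
// legacy=true reproduces the previous default of "omit" for comparison.
function resolveCredentialsMode(ctx, { legacy = false } = {}) {
  const fallback = legacy ? 'omit' : 'same-origin';
  switch (ctx.kind) {
    case 'module-worker':
      // new Worker(url, { type: 'module', credentials }) may still pick "omit".
      if (ctx.credentials === undefined) return fallback;
      if (!MODES.includes(ctx.credentials)) {
        throw new TypeError(`invalid credentials option: ${ctx.credentials}`);
      }
      return ctx.credentials;
    case 'module-script-element':
    case 'classic-script-element-import':
      // crossorigin="" only toggles between "same-origin" and "include".
      if (ctx.crossorigin == null) return fallback;
      return String(ctx.crossorigin).toLowerCase() === 'use-credentials'
        ? 'include'
        : 'same-origin';
    case 'classic-worker-import':
    case 'javascript-url-import':
      // import() in these contexts: the default cannot be changed.
      return fallback;
    default:
      throw new Error(`unknown context: ${ctx.kind}`);
  }
}

// Fetch rule: cookies and other credentials are attached for "include", or for
// "same-origin" when the request URL shares the requesting origin.
function sendsCredentials(mode, requestUrl, pageOrigin) {
  if (mode === 'include') return true;
  if (mode === 'omit') return false;
  return new URL(requestUrl).origin === new URL(pageOrigin).origin;
}

// The top-level module worker script is fetched with request mode
// "same-origin", so a cross-origin worker URL is refused outright.
function moduleWorkerTopLevelAllowed(workerUrl, pageOrigin) {
  return new URL(workerUrl, pageOrigin).origin === new URL(pageOrigin).origin;
}
```

Comparing `resolveCredentialsMode(ctx)` with `resolveCredentialsMode(ctx, { legacy: true })` for each script entry point shows which same-origin module fetches now carry cookies that were previously sent without them.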