You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I investigated how much redirect URLS with credentials are interoperable, and here is my current understanding of the landscape here based on web-platform-tests/wpt#8976:
Firefox is following the spec (error if cors mode and load is cross origin)
Safari is stripping any credentials from a redirect URL
Chrome is erroring redirect URLs containing credentials following https://www.chromestatus.com/feature/5669008342777856.
(not tested on Edge)
3 browsers, 3 different behaviors, can we try to converge here?
I was hoping WebKit could be aligned with the spec.
It would be good to know the rationale behind Chrome behavior.
Maybe the spec should be updated accordingly.
The text was updated successfully, but these errors were encountered:
I investigated how much redirect URLS with credentials are interoperable, and here is my current understanding of the landscape here based on web-platform-tests/wpt#8976:
(not tested on Edge)
3 browsers, 3 different behaviors, can we try to converge here?
I was hoping WebKit could be aligned with the spec.
It would be good to know the rationale behind Chrome behavior.
Maybe the spec should be updated accordingly.
The text was updated successfully, but these errors were encountered: