-
Notifications
You must be signed in to change notification settings - Fork 323
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change default of request's credentials mode #1153
Conversation
This only affects specifications that do not set credentials mode and I'm not aware of any. Closes #804.
Many parts of HTML fail to set credentials mode, I think? E.g. a bunch of navigation ones:
(and more I skipped over) importScripts():
Downloads:
I also found service worker script imports:
|
None of those should use "omit". |
Sure, I wasn't really questioning the change, just the commit message. Although it might be worth using this opportunity as a forcing function to fix HTML, at least. |
What would we want in HTML? Set credentials mode less I suppose as the default already handles it? |
Well navigate (and downloads?) seems like it should always be include? We could force that inside the navigate algorithm, but that seems hacky; I'd almost prefer updating all the call sites then adding an assert inside the navigate algorithm. I'm honestly not sure what browsers do for importScripts(). If it's same-origin then omitting it seems OK I guess. Alternately we could try to remove the default entirely and make all callers consider this? Hmm, not sure... |
Oh right, yeah, some of those need "include", at which point that would be a pretty significant undertaking with regards to tests. I don't want to take that on right now. |
…l-mode-for-RequestInit-fix, r=<try> Use same-origin as default credential mode for RequestInit fix <!-- Please describe your changes on the following line: --> - Updated the default credential mode from omit to same-origin as per: whatwg/fetch#1153 - Deleted instances of fallback credentials --- - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #29633 (GitHub issue number if applicable) - [X] There are tests for these changes
…l-mode-for-RequestInit-fix, r=<try> Use same-origin as default credential mode for RequestInit fix <!-- Please describe your changes on the following line: --> - Updated the default credential mode from omit to same-origin as per: whatwg/fetch#1153 - Deleted instances of fallback credentials --- - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #29633 (GitHub issue number if applicable) - [X] There are tests for these changes
…l-mode-for-RequestInit-fix, r=<try> Use same-origin as default credential mode for RequestInit fix <!-- Please describe your changes on the following line: --> - Updated the default credential mode from omit to same-origin as per: whatwg/fetch#1153 - Deleted instances of fallback credentials --- - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #29633 (GitHub issue number if applicable) - [X] There are tests for these changes
…l-mode-for-RequestInit-fix, r=<try> Use same-origin as default credential mode for RequestInit fix <!-- Please describe your changes on the following line: --> - Updated the default credential mode from omit to same-origin as per: whatwg/fetch#1153 - Deleted instances of fallback credentials --- - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #29633 (GitHub issue number if applicable) - [X] There are tests for these changes
…l-mode-for-RequestInit-fix, r=mukilan Use same-origin as default credential mode for RequestInit fix <!-- Please describe your changes on the following line: --> - Updated the default credential mode from omit to same-origin as per: whatwg/fetch#1153 - Deleted instances of fallback credentials --- - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #29633 (GitHub issue number if applicable) - [X] There are tests for these changes
This only affects specifications that do not set credentials mode and I'm not aware of any.
Closes #804.
Preview | Diff