-
Notifications
You must be signed in to change notification settings - Fork 324
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify: credentials param affect response too #1174
Conversation
This change updates the descriptions of all “credentials mode” values, to clarify that the values affect whether browsers use credentials sent back in responses (e.g., any Set-Cookie response headers) — not just whether credentials are sent with the request.
909fb31
to
9a964ec
Compare
This change updates the documentation on the fetch() method, to clarify that the "credentials" value affects whether browsers use credentials sent back in responses (e.g., any Set-Cookie response headers) — not just whether credentials are sent with the request Fixes #2409 Related: whatwg/fetch#1174
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess in practice there's only really Set-Cookie
for responses, but maybe keeping this generic is fine. Thoughts?
For developers reading it, it seems best to be as explicit as possible — so if the Set-Cookie header is the only form or credentials the response can have which would be affected, then let’s say that. |
Sorry, I'm wrong. It also affects 401 responses (and connection pooling). (Search for includeCredentials.) |
9b7366c
to
9a964ec
Compare
OK — stripped out the other commit |
Thanks @sideshowbarker! |
…oo (#2468) * Push the “fix fixable flaws” button * Fetch response cookies affected by credentials This change updates the documentation on the fetch() method, to clarify that the "credentials" value affects whether browsers use credentials sent back in responses (e.g., any Set-Cookie response headers) — not just whether credentials are sent with the request Fixes #2409 Related: whatwg/fetch#1174 * Fold URL object under USVString as resource value
This change updates the descriptions of all “credentials mode” values, to clarify that the values affect whether browsers use credentials sent back in responses (e.g., any Set-Cookie response headers) — not just whether credentials are sent with the request. Related: mdn/content#2468
Preview | Diff