Closed
Bug 1394399
Opened 7 years ago
Closed 7 years ago
Make fetch() use "same-origin" credentials by default
Categories
(Core :: DOM: Core & HTML, defect, P2)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla61
Tracking | Status | |
---|---|---|
firefox61 | --- | fixed |
People
(Reporter: annevk, Assigned: bkelly)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-complete)
Attachments
(3 files)
1.08 KB,
patch
|
baku
:
review+
|
Details | Diff | Splinter Review |
2.92 KB,
patch
|
baku
:
review+
|
Details | Diff | Splinter Review |
2.01 KB,
patch
|
baku
:
review+
|
Details | Diff | Splinter Review |
See https://github.com/whatwg/fetch/pull/585 for rationale and proposed Fetch Standard change.
Please try to coordinate changing your implementation with others. It's unlikely to be disruptive, but still seems better if it all happens roughly at the same time.
Assignee | ||
Updated•7 years ago
|
Blocks: ServiceWorkers-compat
Updated•7 years ago
|
Priority: -- → P3
Updated•7 years ago
|
Priority: P3 → P2
Assignee | ||
Comment 1•7 years ago
|
||
There are some WPT test fixes upstream and chrome is mostly ready to implement. I think we should do this soonish. Since its likely small I'm assigning to myself.
Assignee: nobody → bkelly
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•7 years ago
|
||
Assignee | ||
Comment 3•7 years ago
|
||
Assignee | ||
Comment 4•7 years ago
|
||
Assignee | ||
Comment 5•7 years ago
|
||
Assignee | ||
Comment 7•7 years ago
|
||
Comment on attachment 8969649 [details] [diff] [review]
P1 Default Request.credentials to "same-origin" instead of "omit". r=baku
Andrea, this patch changes default Request.credentials value from "omit" to "same-origin". This was discussed and changed in this spec issue:
https://github.com/whatwg/fetch/pull/585
Attachment #8969649 -
Flags: review?(amarchesini)
Assignee | ||
Comment 8•7 years ago
|
||
Comment on attachment 8969666 [details] [diff] [review]
P2 Fix mochitests to expect "same-origin" default Request.credentials. r=baku
This updates mochitests to expect the new default.
Attachment #8969666 -
Flags: review?(amarchesini)
Assignee | ||
Comment 9•7 years ago
|
||
Comment on attachment 8969667 [details] [diff] [review]
P3 Fix web-platform-tests to expect "same-origin" default Request.credentials. r=baku
This updates WPT to expect the new default. Note, this has actually already landed upstream:
https://github.com/w3c/web-platform-tests/commit/55d647f4f561e653a95684b17496f13d12a90512
I'm just doing it as a patch here to avoid having to wrestle with the WPT sync bot.
Attachment #8969667 -
Flags: review?(amarchesini)
Assignee | ||
Comment 10•7 years ago
|
||
MDN should be updated to reflect that the default Request.credentials value has changed from "omit" to "same-origin".
For determining if this has shipped in other browsers you can look at these issues:
https://bugs.webkit.org/show_bug.cgi?id=176023
https://bugs.chromium.org/p/chromium/issues/detail?id=759543
https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/13474598/
Keywords: dev-doc-needed
Updated•7 years ago
|
Attachment #8969666 -
Flags: review?(amarchesini) → review+
Updated•7 years ago
|
Attachment #8969667 -
Flags: review?(amarchesini) → review+
Updated•7 years ago
|
Attachment #8969649 -
Flags: review?(amarchesini) → review+
Comment 11•7 years ago
|
||
Pushed by bkelly@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/2d657d8dadf9
P1 Default Request.credentials to "same-origin" instead of "omit". r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/3c02e9df8b2d
P2 Fix mochitests to expect "same-origin" default Request.credentials. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/2feb276e4fcc
P3 Fix web-platform-tests to expect "same-origin" default Request.credentials. r=baku
Comment 12•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/2d657d8dadf9
https://hg.mozilla.org/mozilla-central/rev/3c02e9df8b2d
https://hg.mozilla.org/mozilla-central/rev/2feb276e4fcc
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox61:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
Comment 13•7 years ago
|
||
Documents updated to change the default for credentials to "same-origin":
https://developer.mozilla.org/en-US/docs/Web/API/Request
https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials
Submitted PR #2157 to add the note about this change in Firefox 61 to the browser compatibility database.
Updated Firefox 61 for developers to mention the change.
Keywords: dev-doc-needed → dev-doc-complete
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•