Dynamic import credentials failure on WPT
Categories
(Core :: DOM: Workers, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox116 | --- | fixed |
People
(Reporter: evilpie, Assigned: allstars.chh)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
We are failing two tests on https://wpt.fyi/results/workers/modules/dedicated-worker-options-credentials.html. Those shouldn't have anything to do with CSP so they should probably pass.
new Worker() with type=classic should always send the credentials for same-origin dynamic imports regardless of the credentials option (omit).
new Worker() with type=classic should never send the credentials for cross-origin dynamic imports regardless of the credentials option (include).
Updated•1 year ago
|
Assignee | ||
Updated•11 months ago
|
Assignee | ||
Comment 1•11 months ago
|
||
HostLoadImportedModule,
https://html.spec.whatwg.org/multipage/webappapis.html#hostloadimportedmodule
<spec>
6. If referrer is a Script Record or a Module Record, then:
3. Set fetchOptions to the descendant script fetch options for
referencingScript's fetch options.
</spec>
And the referencingScript can be either:
- a classic worker script.
- a module worker script.
For the classic worker script, its fetch options are defined in
'fetch a classic worker script'
https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-classic-worker-script
See the algorithm processResponseConsumeBody
<spec>
5. Let script be the result of creating a classic script using
source text, script settings object, response's URL, and the
default classic script fetch options.
</spec>
Default classic script fetch options
https://html.spec.whatwg.org/multipage/webappapis.html#default-classic-script-fetch-options
<spec>
The default classic script fetch options are a script fetch options
whose ... credentials mode is "same-origin", ....
</spec>
For the module worker script, its fetch options are defined in
'fetch a worklet/module worker script graph'
https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-worklet/module-worker-script-graph
<spec>
- Let options be a script fetch options whose ... credentials mode is
credentials mode ...
</sec>
where credentials mode is provided when a worklet or a module worker
is created.
Pushed by allstars.chh@gmail.com: https://hg.mozilla.org/integration/autoland/rev/bb309ccead73 Use credentials="same origin" for dynamic import scripts in a classic worker script. r=jonco
Comment 3•11 months ago
|
||
bugherder |
Description
•