Open Bug 1945565 Opened 11 days ago Updated 8 days ago

Update FedCM network requests to use the correct CORS parameters

Categories

(Core :: DOM: Credential Management, defect, P3)

defect

Tracking

()

ASSIGNED

People

(Reporter: bvandersloot, Assigned: bvandersloot)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

We don't send the right Origin headers on the account and token endpoints. We probably have to use an nsIChannel directly to do this.

Priority: -- → P3
Blocks: 1803629

This updates RequestInit's ChromeOnly behavior:

  • fixes up triggeringPrincipalOverride
  • adds neverTaint

This adds Content-type: web-identity to ORB's allowlist.

Doing this in a Javascript module is easier, so let's move it there.
I didn't include the Metadata endpoint because I'm going to remove that
anyway.

Depends on D237043

Assignee: nobody → bvandersloot
Attachment #9464373 - Attachment description: WIP: Bug 1945565 - Add ChromeOnly features to Fetch to allow FedCM to work WIP → Bug 1945565 - Add ChromeOnly features to Fetch to allow FedCM to work - r=valentin!
Status: NEW → ASSIGNED
Attachment #9464374 - Attachment description: WIP: Bug 1945565 - Update FedCM network requests to use the correct CORS parameters - WIP → Bug 1945565 - Update FedCM network requests to use the correct CORS parameters - r=emz!
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: