New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 657667 link

Starred by 5 users
Status: Available
Owner: ----
Cc:
jakearchibald@chromium.org
bsittler@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug



Sign in to add a comment

Add WPT tests for credentialed requests in register()/update

Project Member Reported by falken@chromium.org, Oct 20 2016 
It's possible we're not sending credentials in the register()/update requests. I don't think we have tests for this.
- Verify expected behavior
- Implement
- Write tests

Comment 1 by bsittler@chromium.org, Oct 20 2016

Cc: bsittler@chromium.org
On the one hand:

https://www.w3.org/TR/service-workers/#update-algorithm does not set the credentials mode of the worker script fetch explicitly, at least by my reading, so perhaps this is expected behavior?

On the other hand:

https://w3c.github.io/ServiceWorker/#update-algorithm
defers to
https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-classic-worker-script
for construction of the request object, and in that case credentials mode is "same-origin" and uses the (default) response tainting mode "basic", which combined should cause the Fetch to send cookies (I think.)

Comment 2 by falken@chromium.org, Nov 2 2016

Cc: jakearchibald@chromium.org
Labels: M-56
Jake: can you confirm the intended spec is to send credentials in register/update requests?

Comment 3 by bsittler@chromium.org, Nov 2 2016

Blocking: 661604

Comment 4 by bsittler@chromium.org, Nov 2 2016 

Credentials are actually sent, I was testing incorrectly before. Glad to see this works! :)

Remaining question: is this behavior per-spec?

Comment 5 by bsittler@chromium.org, Nov 2 2016

Summary: Credentials are sent in requests for register()/update - should they be? (was: Credentials aren't sent in requests for register()/update)

Comment 6 by bsittler@chromium.org, Nov 2 2016

Blocking: -661604

Comment 7 by jakearchibald@chromium.org, Nov 2 2016 

Credentials should be sent. As bsittler says, credentials are added via https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-classic-worker-script which sets credentials to be same-origin.

Comment 8 by bsittler@chromium.org, Nov 2 2016

Status: WontFix (was: Available)
Great, working as intended then :)

Comment 9 by bke...@mozilla.com, Nov 2 2016 

Some WPT tests would be nice, though. :-)

Comment 10 by falken@chromium.org, Feb 16 2017

Labels: -Pri-2 -M-56 Pri-3
NextAction: ----
Status: Available (was: WontFix)
Summary: Add WPT tests for credentialed requests in register()/update (was: Credentials are sent in requests for register()/update - should they be?)

Comment 11 by falken@chromium.org, Jun 2 2017 

Also add tests that Set-Cookie works.
Project Member

Comment 12 by sheriffbot@chromium.org, Jun 4 2018

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 13 by falken@chromium.org, Jun 8 2018

Status: Available (was: Untriaged)

Sign in to add a comment