New issue
Advanced search Search tips

Issue 759543 link

Starred by 6 users

Issue metadata

Status: Verified
Owner:
Closed: May 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

Make fetch() use "same-origin" credentials by default

Project Member Reported by annevank...@gmail.com, Aug 28 2017

Issue description

See https://github.com/whatwg/fetch/pull/585 for rationale and proposed Fetch Standard change.

Please try to coordinate changing your implementation with others. It's unlikely to be disruptive, but still seems better if it all happens roughly at the same time.
 
Labels: -Pri-3 Pri-2
Status: Available (was: Unconfirmed)
Setting to Available, but needs to wait for the decision at the issue on WHATWG.
Labels: -OS-Mac
Owner: tyoshino@chromium.org
The conclusion is we'll be following the proposal. I.e. the new default will be the same-origin credentials mode.

https://github.com/whatwg/fetch/pull/585#issuecomment-329058038
Status: Assigned (was: Available)
Owner: yhirano@chromium.org
Reassigning to yhirano@.

Need to check the progress of other browsers before taking the action.
See https://github.com/whatwg/fetch/pull/585#issuecomment-325351254

Comment 7 by bke...@mozilla.com, Feb 26 2018

> Need to check the progress of other browsers before taking the action.

FWIW, this has not been a priority in firefox so far.  If we had update WPT tests, though, we could probably make the change relatively quickly.  If you have a target release we could try to match.
As mentioned in https://github.com/whatwg/fetch/pull/585#issuecomment-370943341, I'm happy to work on some WPTs for this as it seems to be a big blocker. Also I know this is assigned to yhirano@, however I'm more than happy to take it if he doesn't have the bandwidth!
Owner: domfarolino@gmail.com
Status: Started (was: Assigned)
Project Member

Comment 11 by bugdroid1@chromium.org, Apr 30 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5b7b98694d9a5bae9b7efeb0a4a34710c83b098b

commit 5b7b98694d9a5bae9b7efeb0a4a34710c83b098b
Author: Dominic Farolino <domfarolino@gmail.com>
Date: Mon Apr 30 11:20:36 2018

Set fetch()'s default credentials mode to same-origin

As per https://github.com/whatwg/fetch/pull/585, the
fetch() API's default credentials mode should be set to
same-origin in the Request constructor.

I2s: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/WOAtshyL2As

R=yhirano@chromium.org, yoav@yoav.ws

Bug:  759543 
Change-Id: Id5cb8c747c41385edcc13775fdd18e1f27e7c3c9
Reviewed-on: https://chromium-review.googlesource.com/981512
Commit-Queue: Yoav Weiss <yoav@yoav.ws>
Reviewed-by: Yoav Weiss <yoav@yoav.ws>
Reviewed-by: Bernhard Bauer <bauerb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#554720}
[modify] https://crrev.com/5b7b98694d9a5bae9b7efeb0a4a34710c83b098b/content/browser/browsing_data/clear_site_data_throttle_browsertest.cc
[delete] https://crrev.com/bd588904caf43c922d2e17f18a30ded6530236d4/third_party/WebKit/LayoutTests/external/wpt/fetch/api/request/request-init-003.sub-expected.txt
[delete] https://crrev.com/bd588904caf43c922d2e17f18a30ded6530236d4/third_party/WebKit/LayoutTests/external/wpt/fetch/api/request/request-structure-expected.txt
[modify] https://crrev.com/5b7b98694d9a5bae9b7efeb0a4a34710c83b098b/third_party/WebKit/LayoutTests/http/tests/fetch/script-tests/request.js
[modify] https://crrev.com/5b7b98694d9a5bae9b7efeb0a4a34710c83b098b/third_party/blink/renderer/core/fetch/request.cc

Status: Verified (was: Started)

Sign in to add a comment