Contact emailsksakam...@chromium.org Specification https://wicg.github.io/webpackage/loading.html#mp-link-type-prefetch
Summary Changes the request mode and credentials mode of prefetch requests used in Subresource prefetching+loading via Signed HTTP Exchange ( https://chromestatus.com/feature/5126805474246656). Currently SignedExchange subresource prefetches (triggered by Link: rel="alternate") are requested with "no-cors" mode. After this change, SignedExchange subresource prefetches will be requested with "cors" mode and "same-origin" credentials mode. That means, subresource SignedExchanges prefetched from cross-origin must have an appropriate Access-Control-Allow-Origin response header. Motivation Using no-cors mode for subresource SignedExchange prefetching was not a well-thought-out decision. In principle new features shouldn't use no-cors. Also, no-cors prefetches will be blocked once ORB (Opaque Response Blocking) is fully enabled (https://github.com/annevk/orb/issues/32). See https://github.com/WICG/webpackage/issues/790 for more details and alternatives considered. Blink componentBlink>Loader>WebPackaging <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ELoader%3EWebPackaging> Debuggability If a SignedExchange prefetch fails with a CORS error, it will be reported on the DevTools' network tab and console. Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1316660 Estimated milestones Shipping on desktop: 106 Shipping on Android: 106 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5047867052392448 -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAO5vZCiy144y0g6ChSt2t1e3YCZ7n7cGyFc-1b6AqARXWQcqAw%40mail.gmail.com.