Contact emails
sba...@chromium.org

Specification
https://fetch.spec.whatwg.org/#http-redirect-fetch

Summary
Remove the Authorization header on cross-origin redirects to scope a developer-controlled Authorization header to the origin of the initial request.

Blink component
Blink>Loader <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ELoader>

TAG review
Not applicable, the spec has already been updated.
https://github.com/whatwg/fetch/pull/1544

TAG review status
Not applicable

Risks

Interoperability and Compatibility
Low. All browser vendors agreed with this change.

*Gecko*: Shipping (https://bugzilla.mozilla.org/show_bug.cgi?id=1802086)

*WebKit*: Shipped/Shipping (https://bugs.webkit.org/show_bug.cgi?id=230935) Historically, Safari always removed Authorization headers, even for same-origin redirects. Recently the behavior has changed to preserve them on same-origin redirects.

*Web developers*: No signals

*Other signals*:

WebView application risks
N/A

Debuggability
Web developers can use the DevTools network panel to see the actual request headers.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes

Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
Yes
https://wpt.fyi/results/xhr/xhr-authorization-redirect.any.html?label=master&label=experimental
https://wpt.fyi/results/fetch/api/credentials/authentication-redirection.any.html?label=experimental

Flag name
Not applicable

Requires code in //chrome?
False

Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1393520

Estimated milestones
M112

Anticipated spec changes
The spec has already been updated.
https://github.com/whatwg/fetch/issues/944

Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5195900413018112

This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.
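The header handling described in the Summary, as an added example that is not part of the original message and is not Chromium's code: a simplified JavaScript model of a client following a redirect chain. It drops Authorization at the first cross-origin hop and, because the header is removed from the request itself, does not restore it when a later hop returns to the original origin. The URLs, the token and the function names are constructed for illustration.

```javascript
// Simplified model of redirect header handling; not Chromium's implementation.
// All URLs and the bearer token below are constructed sample values.

// Request headers dropped when a redirect crosses origins.
const DROPPED_ON_CROSS_ORIGIN = ["authorization"];

function sameOrigin(a, b) {
  // URL.origin serializes scheme, host and port, so default ports compare equal.
  return new URL(a).origin === new URL(b).origin;
}

// Returns the URL and the headers the client would send at each hop.
function followRedirects(startUrl, locations, headers) {
  let current = new URL(startUrl).href;
  // Header names are case-insensitive; normalize them to lower case.
  const live = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const hops = [{ url: current, headers: { ...live } }];
  for (const location of locations) {
    // A Location value may be relative; resolve it against the current URL.
    const next = new URL(location, current).href;
    if (!sameOrigin(current, next)) {
      // Deleted from the request itself, so later hops never see it again.
      for (const name of DROPPED_ON_CROSS_ORIGIN) delete live[name];
    }
    current = next;
    hops.push({ url: current, headers: { ...live } });
  }
  return hops;
}

const hops = followRedirects(
  "https://api.example.test/v1/report",
  ["/v2/report",                        // same origin (relative Location)
   "https://cdn.example.net/blob/42",   // cross origin
   "https://api.example.test/done"],    // back to the original origin
  { Authorization: "Bearer constructed-token", Accept: "application/json" });

for (const h of hops) {
  const state = "authorization" in h.headers ? "sent" : "not sent";
  console.log(`${h.url}  Authorization: ${state}`);
}
```

Running this against a service's own redirect chain (taken from server logs or the DevTools network panel) shows which hops stop receiving the credential after this change.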