Any use counters on how often this happens?

On Thursday, February 2, 2023 at 8:58:35 AM UTC+1 Kenichi Ishibashi wrote:

Contact emails
ba...@chromium.org

Specification
https://fetch.spec.whatwg.org/#http-redirect-fetch

Summary
Remove Authorization header on cross origin redirects to scope a developer-controlled Authorization header to the origin of the initial request.

Blink component
Blink>Loader <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ELoader>

TAG review
Not applicable, the spec has been already updated.
https://github.com/whatwg/fetch/pull/1544

TAG review status
Not applicable

Risks

Interoperability and Compatibility
Low. All browser vendors agreed with this change.

*Gecko*: Shipping (https://bugzilla.mozilla.org/show_bug.cgi?id=1802086)

Do we know if they ran into any compat issues when shipping this?

*WebKit*: Shipped/Shipping (https://bugs.webkit.org/show_bug.cgi?id=230935) Historically Safari always removed Authorization headers even for the same origin redirects. Recently the behavior has changed to preserve them on same origin redirects.

That's encouraging in terms of lack of potential reliance on these headers.

*Web developers*: No signals

*Other signals*:

WebView application risks
N/A

Debuggability
Web Developers can use DevTools network panel to see the actual request headers.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes

Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
Yes
https://wpt.fyi/results/xhr/xhr-authorization-redirect.any.html?label=master&label=experimental
https://wpt.fyi/results/fetch/api/credentials/authentication-redirection.any.html?label=experimental

Flag name
Not applicable

Requires code in //chrome?
False

Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1393520

Estimated milestones
M112

Anticipated spec changes
The spec has been already updated.
https://github.com/whatwg/fetch/issues/944

Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5195900413018112

This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
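
The header scoping described in the Summary above, modeled as an added example that is not part of the original message and is not Chromium's code. The function names, hosts and token are constructed for illustration; the removal rule follows the HTTP-redirect fetch step of the Fetch spec linked in the message.

```javascript
// Added illustration (not Chromium code): models how a developer-set
// Authorization header is scoped to the initial origin across redirects.

// Origin = scheme + host + port; URL.origin normalizes default ports.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Walk a redirect chain and return the headers sent on each hop.
// `chain` lists the URLs visited, starting with the initial request URL.
function headersPerHop(chain, initialHeaders) {
  const headers = new Map(
    Object.entries(initialHeaders).map(([k, v]) => [k.toLowerCase(), v])
  );
  const hops = [];
  for (let i = 0; i < chain.length; i++) {
    if (i > 0 && !sameOrigin(chain[i - 1], chain[i])) {
      // Cross-origin redirect: drop the header from the request itself,
      // so it is not restored if a later hop returns to the first origin.
      headers.delete("authorization");
    }
    hops.push({ url: chain[i], headers: Object.fromEntries(headers) });
  }
  return hops;
}

// Constructed sample chain (hypothetical hosts).
const SAMPLE_CHAIN = [
  "https://api.example.test/v1/report",
  "https://api.example.test:443/v1/report/", // same origin (default port)
  "https://cdn.example.test/report.json",    // cross-origin: different host
  "https://api.example.test/v1/done",        // back to the first origin
];

// Returns, per hop, whether Authorization is still attached.
function demo() {
  return headersPerHop(SAMPLE_CHAIN, {
    Authorization: "Bearer constructed-token",
    Accept: "application/json",
  }).map((hop) => "authorization" in hop.headers);
}

console.log(demo()); // [true, true, false, false]
```

The last hop is the case to check in the DevTools network panel: a chain that leaves the initial origin and comes back no longer carries the header, so a same-origin final URL alone does not imply the credential was sent.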