Use counter reports 0.022%. My guess is that most usage happens
accidentally but we are not sure.

API owners, should we do a reverse OT?

On Fri, Feb 17, 2023 at 9:38 AM Kenichi Ishibashi <ba...@chromium.org>
wrote:

> Quick update, we added a use counter to see how often this could happen.
> I'll get back once we have data.
>
>
> On Wed, Feb 8, 2023 at 11:51 PM Yoav Weiss <yoavwe...@chromium.org> wrote:
>
>> Any use counters on how often this happens?
>>
>> On Thursday, February 2, 2023 at 8:58:35 AM UTC+1 Kenichi Ishibashi wrote:
>> Contact emailsba...@chromium.org
>>
>> Specificationhttps://fetch.spec.whatwg.org/#http-redirect-fetch
>>
>> Summary
>>
>> Remove Authorization header on cross origin redirects to scope a
>> developer-controlled Authorization header to the origin of the initial
>> request.
>>
>> Blink componentBlink>Loader
>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ELoader>
>>
>> TAG review
>> Not applicable, the spec has been already updated.
>> https://github.com/whatwg/fetch/pull/1544
>>
>> TAG review statusNot applicable
>>
>> Risks
>>
>>
>> Interoperability and Compatibility
>>
>> Low. All browser vendors agreed with this change.
>>
>> *Gecko*: Shipping (https://bugzilla.mozilla.org/show_bug.cgi?id=1802086)
>>
>> Do we know if they ran into any compat issues when shipping this?
>>
> None I'm aware of. I checked the bug and related issues in GitHub but I
> didn't find anything.
>
>
>>
>> *WebKit*: Shipped/Shipping (https://bugs.webkit.org/show_
>> bug.cgi?id=230935) Historically Safari always removed Authorization
>> headers even for the same origin redirects. Recently the behavior has
>> changed to preserve them on same origin redirects.
>>
>> That's encouraging in terms of lack of potential reliance on these
>> headers.
>>
>>
>> *Web developers*: No signals
>>
>> *Other signals*:
>>
>> WebView application risks
>>
>> N/A
>>
>>
>>
>> Debuggability
>>
>> Web Developers can use DevTools network panel to see the actual request
>> headers.
>>
>> Will this feature be supported on all six Blink platforms (Windows, Mac,
>> Linux, Chrome OS, Android, and Android WebView)?Yes
>>
>> Is this feature fully tested by web-platform-tests
>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>> ?Yes
>> https://wpt.fyi/results/xhr/xhr-authorization-redirect.
>> any.html?label=master&label=experimental
>> https://wpt.fyi/results/fetch/api/credentials/authentication-redirection.
>> any.html?label=experimental
>>
>> Flag nameNot applicable
>>
>> Requires code in //chrome?False
>>
>> Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1393520
>>
>> Estimated milestones
>>
>> M112
>>
>> Anticipated spec changes
>>
>> The spec has been already updated.
>>
>> https://github.com/whatwg/fetch/issues/944
>>
>> Link to entry on the Chrome Platform Statushttps://chromestatus.com/
>> feature/5195900413018112
>>
>> This intent message was generated by Chrome Platform Status
>> <https://chromestatus.com/>.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPLXX-9gLUwMLgSzOxMjh9uKqikw2UWsdm9SxG0-maJ7bXp4mA%40mail.gmail.com.

Reply via email to