[Webkit-unassigned] [Bug 206811] Same-origin type="module" scripts only send cookies with crossorigin="use-credential" set
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Jan 26 16:16:11 PST 2020
https://bugs.webkit.org/show_bug.cgi?id=206811
--- Comment #1 from webkitbugzilla at accounts.rdmurphy.org ---
I've created a minimal example of this here.
https://positive-shallot.glitch.me
(Edit link here: https://glitch.com/edit/#!/positive-shallot)
You can see that the same-origin "client.js" script tag with type="module" sends no request cookies, but does send them when the script requests the same file with a fetch(). Somewhat confusingly it requires the "crossorigin" tag to have the request send the same origin cookie (as shown with the "client-use-credentials.js" script).
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200127/5c596d7e/attachment-0001.htm>
More information about the webkit-unassigned
mailing list