- From: Makoto Shimazu <notifications@github.com>
- Date: Wed, 15 Jan 2020 00:38:48 -0800
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 15 January 2020 08:38:53 UTC
This is similar to https://github.com/whatwg/html/issues/2557. Chrome now has a bug around the credentials mode ([issue](https://bugs.chromium.org/p/chromium/issues/detail?id=1042159)), and I'm now wondering what is the correct value for the request's credentials mode. As far as I read the spec, importScripts() uses [fetch a classic worker-imported script](https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-classic-worker-imported-script) which doesn't set any value to the credentials mode, while [the main script is set to "same-origin"](https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-classic-worker-script). [The default value of the request's credentials mode is "omit"](https://fetch.spec.whatwg.org/#concept-request-credentials-mode), so I think it's "omit". I implemented the byte-for-byte checking in that way recently, but found that the existing implementation seems to use "include". What would be the best value for that? So far, I'm feeling that using "same-origin" would be less confusing. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1497
Received on Wednesday, 15 January 2020 08:38:53 UTC