- From: Ben Kelly <notifications@github.com>
- Date: Thu, 14 Oct 2021 12:04:33 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 14 October 2021 19:04:45 UTC
Forking this from #1321 where we are planning to propagate the origin field on requests when a service worker does `evt.respondWith(fetch(evt.request))`. In order for the correct SameSite cookies to be sent in some cases we also need to propagate the "site for cookies" from the original request. For example, consider if A frames B1 and then B1 does window.open(B2). Without a service worker in play "site for cookies" would be empty because B1 has a cross-site ancestor. With a service worker, however, the service worker will have a "site for cookies" set to B (even if partitioning is implemented since B2 is not planned to be partitioned). Note, when "site for cookies" is propagated, we may want to allow it when the propagation results in the same or a more restrictive "site for cookies". I'm not sure if there is a way for the service worker "site for cookies", but we probably don't want the initiator to relax that. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1332
Received on Thursday, 14 October 2021 19:04:45 UTC