- From: Domenic Denicola <notifications@github.com>
- Date: Fri, 30 Sep 2022 01:40:45 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 30 September 2022 08:40:58 UTC
Spinning off from https://github.com/whatwg/fetch/pull/465#issuecomment-1263103213 . We suspect that Chromium implements this flag by stripping the username and password from the URL before doing the fetch, which will cause the server worker, or any redirect destinations, to observe the modified URL. Whereas in the Fetch spec, there's a separate boolean which causes the URL credentials to be not-used. This might be just a Chromium bug, but it's worth checking at least WebKit given the shared lineage. It's possible we might want to update the spec to match Chromium's behavior instead, as arguably reducing the number of URLs with usernames/passwords in them throughout the ecosystem is nice. First step is to write some proper web platform tests, I guess. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1496 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/1496@github.com>
Received on Friday, 30 September 2022 08:40:58 UTC