Re: [whatwg/fetch] Request with credentials included, but only if they are partitioned (Issue #1892) from Jeffrey Yasskin on 2025-12-05 (public-webapps-github@w3.org from December 2025)

From: Jeffrey Yasskin <notifications@github.com>
Date: Thu, 04 Dec 2025 16:39:23 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1892/3614864712@github.com>

jyasskin left a comment (whatwg/fetch#1892)

@arichiv is proposing https://github.com/explainers-by-googlers/third-party-cookie-allowlist-header to give sites HTTP-level control over how unpartitioned credentials are used. Adding this thread's feature to `fetch()` (so exposing it to JS) should probably be coordinated with the HTTP allowlist. I don't have a good sense of whether the specification-level feature needs to be coordinated with both.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1892#issuecomment-3614864712
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/1892/3614864712@github.com>

Received on Friday, 5 December 2025 00:39:27 UTC