Re: [whatwg/fetch] Allow connection reuse for request without credentials when TLS client auth is not in use (#341) from Matt Menke on 2025-05-14 (public-webapps-github@w3.org from May 2025)

From: Matt Menke <notifications@github.com>
Date: Wed, 14 May 2025 07:46:12 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/341/2880522352@github.com>

MattMenke2 left a comment (whatwg/fetch#341)

Chrome won't re-apply (or even send at all) auth "credentials" on "uncredentialed" connections.  I believe it won't send client certs on those, either.  Chrome used to have separate per-request options to not send cookies vs not send auth, but that didn't really work, given socket reuse logic, and it's my understanding the fetch spec bundles both behaviors together as well.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/341#issuecomment-2880522352
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/341/2880522352@github.com>

Received on Wednesday, 14 May 2025 14:46:16 UTC