Anne (:annevk) Reporter
	Description • 7 years ago

See https://github.com/whatwg/fetch/pull/585 for rationale and proposed Fetch Standard change.

Please try to coordinate changing your implementation with others. It's unlikely to be disruptive, but still seems better if it all happens roughly at the same time.

	Ben Kelly [:bkelly, not reviewing] Assignee
	Comment 1 • 6 years ago

There are some WPT test fixes upstream and chrome is mostly ready to implement.  I think we should do this soonish.  Since its likely small I'm assigning to myself.

	Ben Kelly [:bkelly, not reviewing] Assignee
	Comment 5 • 6 years ago

https://treeherder.mozilla.org/#/jobs?repo=try&revision=e5325101012262e139e9f3ae9f502ef6dba16d3f

	Ben Kelly [:bkelly, not reviewing] Assignee
	Comment 7 • 6 years ago

Comment on attachment 8969649 [details] [diff] [review]
P1 Default Request.credentials to "same-origin" instead of "omit". r=baku

Andrea, this patch changes default Request.credentials value from "omit" to "same-origin".  This was discussed and changed in this spec issue:

https://github.com/whatwg/fetch/pull/585

	Ben Kelly [:bkelly, not reviewing] Assignee
	Comment 8 • 6 years ago

Comment on attachment 8969666 [details] [diff] [review]
P2 Fix mochitests to expect "same-origin" default Request.credentials. r=baku

This updates mochitests to expect the new default.

	Ben Kelly [:bkelly, not reviewing] Assignee
	Comment 9 • 6 years ago

Comment on attachment 8969667 [details] [diff] [review]
P3 Fix web-platform-tests to expect "same-origin" default Request.credentials. r=baku

This updates WPT to expect the new default.  Note, this has actually already landed upstream:

https://github.com/w3c/web-platform-tests/commit/55d647f4f561e653a95684b17496f13d12a90512

I'm just doing it as a patch here to avoid having to wrestle with the WPT sync bot.

	Ben Kelly [:bkelly, not reviewing] Assignee
	Comment 10 • 6 years ago

MDN should be updated to reflect that the default Request.credentials value has changed from "omit" to "same-origin".

For determining if this has shipped in other browsers you can look at these issues:

https://bugs.webkit.org/show_bug.cgi?id=176023
https://bugs.chromium.org/p/chromium/issues/detail?id=759543
https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/13474598/

	Pulsebot
	Comment 11 • 6 years ago

Pushed by bkelly@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/2d657d8dadf9
P1 Default Request.credentials to "same-origin" instead of "omit". r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/3c02e9df8b2d
P2 Fix mochitests to expect "same-origin" default Request.credentials. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/2feb276e4fcc
P3 Fix web-platform-tests to expect "same-origin" default Request.credentials. r=baku

	Dorel Luca [:dluca]
	Comment 12 • 6 years ago
bugherder

https://hg.mozilla.org/mozilla-central/rev/2d657d8dadf9
https://hg.mozilla.org/mozilla-central/rev/3c02e9df8b2d
https://hg.mozilla.org/mozilla-central/rev/2feb276e4fcc

	Eric Shepherd [:sheppy]
	Comment 13 • 6 years ago

Documents updated to change the default for credentials to "same-origin":

https://developer.mozilla.org/en-US/docs/Web/API/Request
https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials

Submitted PR #2157 to add the note about this change in Firefox 61 to the browser compatibility database.

Updated Firefox 61 for developers to mention the change.