[Spec] Set correct initiator (origin) of requests. #1246
Conversation
|
This was pointed out in #1212 (comment) |
|
The spec also didn't set policy container field, which we may need to fix separately |
Note that this is linking to an out-of-date version of the file; it doesn't affect origin for scripts but does affect it for trusted signals. |
| @@ -2502,6 +2512,9 @@ To <dfn>send report</dfn> given a [=URL=] |url|: | |||
| : [=request/redirect mode=] | |||
| :: "`error`" | |||
|
|
|||
| Issue: One of the side-effects of a `null` client for this subresource request is it neuters | |||
| all service worker interceptions, despite not having to set the service workers mode. | |||
There was a problem hiding this comment.
...Maybe we should just set it to "no service workers" explicitly?
There was a problem hiding this comment.
IIRC, we didn't set service workers mode explicitly in Chrome's network code, that's why we had this note. But yes, just setting it to no service workers is probably a good idea.
There was a problem hiding this comment.
Agreed. Not setting it in the implementation still gives it a default value under the hood. I'd make that explicit in the spec.
There was a problem hiding this comment.
This was at the bottom of my inbox, but it looks like this comment was never addressed, right? We did not set the service workers mode explicitly, is that right?
There was a problem hiding this comment.
sorry forgot this. Here it is: #1351.
ah updated others, but still missed one :). Updated now. |
| @@ -2502,6 +2512,9 @@ To <dfn>send report</dfn> given a [=URL=] |url|: | |||
| : [=request/redirect mode=] | |||
| :: "`error`" | |||
|
|
|||
| Issue: One of the side-effects of a `null` client for this subresource request is it neuters | |||
| all service worker interceptions, despite not having to set the service workers mode. | |||
There was a problem hiding this comment.
Agreed. Not setting it in the implementation still gives it a default value under the hood. I'd make that explicit in the spec.
Co-authored-by: Dominic Farolino <[email protected]>
SHA: c0ac4a8 Reason: push, by qingxinwu Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
As https://fetch.spec.whatwg.org/#fetch-elsewhere-request says:
"If your fetching is not directly web-exposed, e.g., it is sent in the background without relying on a current Window or Worker, leave request’s client as null and set the request’s origin, policy container, service-workers mode, and referrer to appropriate values instead"
In the spec, we didn't set [=request/origin=] for most requests (also didn't set policy container field, which we may need to fix separately).
In implementation, we did set request initiator (spec's [=request/origin=]). Code references of what origins are set to:
script fetch: frame origin.
permissions check fetch: frame origin.
IG update fetch: IG owner
send report fetch: frame origin
Preview | Diff