Avatar for Username

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Changes on SOP and CORS on Firefox

  • 2 antwurd
  • 0 hawwe dit probleem
  • 5 werjeftes
  • Lêste antwurd fan zeroknight

Henrique Curi
Henrique Curi
more options

I'm a cybersecurity professional and I'm researching about Same Origin Policy, Cross Origin Resource Sharing and how firefox deal with those things. I've find out that versions before 102.1.0esr, cross-origin script GET requests used to attach cookies (Image 1), but in newer versions, it's not happening (Image 2). I checked the release notes but didn't find nothing about this change.

I would like to learn more about what changed and how Firefox is dealing with cookies, SOP and CORS.

Thanks!

I'm a cybersecurity professional and I'm researching about Same Origin Policy, Cross Origin Resource Sharing and how firefox deal with those things. I've find out that versions before 102.1.0esr, cross-origin script GET requests used to attach cookies (Image 1), but in newer versions, it's not happening (Image 2). I checked the release notes but didn't find nothing about this change. I would like to learn more about what changed and how Firefox is dealing with cookies, SOP and CORS. Thanks!
Keppele skermôfbyldingen

Alle antwurden (2)

TyDraniu
TyDraniu
  • Top 10 Contributor
more options

It may be due to bug 1802086.

whatwg/fetch#1544 changes the Fetch Standard to remove a web-developer-set Authorization header upon a cross-origin redirect.

According to https://wpt.fyi/results/fetch/api/credentials/authentication-redirection.any.html, all the web browsers already conforms with this spec change.

zeroknight
zeroknight
more options

You can use mozregression to find when the change occurred.