Origin Header: Firefox sent it for POST requests since v59 #2943
Conversation
Elchi3
added
the
data:http
|
@chrisdavidmills can you review this, given you handled the ddn a while ago? https://bugzilla.mozilla.org/show_bug.cgi?id=446344#c113 |
There was a problem hiding this comment.
This isn't quite right. When I went through trying to document this, I eventually found out that the Origin header is sent with non-CORS requests since Fx59, unless they are GET or HEAD (see https://bugzilla.mozilla.org/show_bug.cgi?id=446344#c117).
You also need to add to the BCD to mention this is currently behind a pref (see https://bugzilla.mozilla.org/show_bug.cgi?id=1424076).
Thanks for working on this!
http/headers/origin.json
Outdated
| @@ -20,7 +20,7 @@ | |||
| }, | |||
| "firefox": { | |||
There was a problem hiding this comment.
How about:
"firefox": [
{
"version_added": 59
},
{
"version_added": true,
"partial_implementation": true,
"notes": "Not sent with <code>POST</code> requests until Firefox 58, see <a href='https://bugzil.la/446344'>bug 446344</a>."
}
]
There was a problem hiding this comment.
@chrisdavidmills would this work for you?
There was a problem hiding this comment.
My suggestion misses the required pref and should also be revised as "Not sent with same-origin POST".
There was a problem hiding this comment.
For the 59 information, sdd the pref, and also add a note long the lines of "sent with non-CORS requests since Fx59, unless they are GET or HEAD"
There was a problem hiding this comment.
I've updated this. Does it look good to you now, @chrisdavidmills?
|
Thanks for your work all. |
No description provided.