Changes on SOP and CORS on Firefox

2 Antworten
0 haben dieses Problem
5 Aufrufe
Letzte Antwort von zeroknight

vor 11 Monaten

01.02.24, 06:44

I'm a cybersecurity professional and I'm researching about Same Origin Policy, Cross Origin Resource Sharing and how firefox deal with those things. I've find out that versions before 102.1.0esr, cross-origin script GET requests used to attach cookies (Image 1), but in newer versions, it's not happening (Image 2). I checked the release notes but didn't find nothing about this change.

I would like to learn more about what changed and how Firefox is dealing with cookies, SOP and CORS.

Thanks!

I'm a cybersecurity professional and I'm researching about Same Origin Policy, Cross Origin Resource Sharing and how firefox deal with those things. I've find out that versions before 102.1.0esr, cross-origin script GET requests used to attach cookies (Image 1), but in newer versions, it's not happening (Image 2). I checked the release notes but didn't find nothing about this change. I would like to learn more about what changed and how Firefox is dealing with cookies, SOP and CORS. Thanks!

Angefügte Screenshots

Answer 1 · 2024-02-01 06:44:10.791649

TyDraniu

Top 10 Contributor

01.02.24, 07:02

It may be due to bug 1802086.

whatwg/fetch#1544 changes the Fetch Standard to remove a web-developer-set Authorization header upon a cross-origin redirect.

According to https://wpt.fyi/results/fetch/api/credentials/authentication-redirection.any.html, all the web browsers already conforms with this spec change.

Answer 2 · 2024-02-01 06:44:10.791649

zeroknight

01.02.24, 07:16

You can use mozregression to find when the change occurred.

Hilfe durchsuchen

Changes on SOP and CORS on Firefox

Alle Antworten (2)

Nach Produkt erkunden

Nach Produkt erkunden

Nach Produkt durchsuchen

Themen im Forum nach Thema durchsuchen

Holen Sie sich Hilfe zu

Hilfe durchsuchen

Changes on SOP and CORS on Firefox

Alle Antworten (2)