Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Changes on SOP and CORS on Firefox

  • 2 replies
  • 0 have this problem
  • 4 views
  • Last reply by zeroknight

Henrique Curi
Henrique Curi
more options

I'm a cybersecurity professional and I'm researching about Same Origin Policy, Cross Origin Resource Sharing and how firefox deal with those things. I've find out that versions before 102.1.0esr, cross-origin script GET requests used to attach cookies (Image 1), but in newer versions, it's not happening (Image 2). I checked the release notes but didn't find nothing about this change.

I would like to learn more about what changed and how Firefox is dealing with cookies, SOP and CORS.

Thanks!

I'm a cybersecurity professional and I'm researching about Same Origin Policy, Cross Origin Resource Sharing and how firefox deal with those things. I've find out that versions before 102.1.0esr, cross-origin script GET requests used to attach cookies (Image 1), but in newer versions, it's not happening (Image 2). I checked the release notes but didn't find nothing about this change. I would like to learn more about what changed and how Firefox is dealing with cookies, SOP and CORS. Thanks!
Attached screenshots

All Replies (2)

TyDraniu
TyDraniu
  • Top 25 Contributor
more options

It may be due to bug 1802086.

whatwg/fetch#1544 changes the Fetch Standard to remove a web-developer-set Authorization header upon a cross-origin redirect.

According to https://wpt.fyi/results/fetch/api/credentials/authentication-redirection.any.html, all the web browsers already conforms with this spec change.

Helpful?

zeroknight
zeroknight
more options

You can use mozregression to find when the change occurred.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.