Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

Changes on SOP and CORS on Firefox

  • 2 trả lời
  • 0 gặp vấn đề này
  • 1 lượt xem
  • Trả lời mới nhất được viết bởi zeroknight

more options

I'm a cybersecurity professional and I'm researching about Same Origin Policy, Cross Origin Resource Sharing and how firefox deal with those things. I've find out that versions before 102.1.0esr, cross-origin script GET requests used to attach cookies (Image 1), but in newer versions, it's not happening (Image 2). I checked the release notes but didn't find nothing about this change.

I would like to learn more about what changed and how Firefox is dealing with cookies, SOP and CORS.

Thanks!

I'm a cybersecurity professional and I'm researching about Same Origin Policy, Cross Origin Resource Sharing and how firefox deal with those things. I've find out that versions before 102.1.0esr, cross-origin script GET requests used to attach cookies (Image 1), but in newer versions, it's not happening (Image 2). I checked the release notes but didn't find nothing about this change. I would like to learn more about what changed and how Firefox is dealing with cookies, SOP and CORS. Thanks!
Đính kèm ảnh chụp màn hình

Tất cả các câu trả lời (2)

more options

It may be due to bug 1802086.

whatwg/fetch#1544 changes the Fetch Standard to remove a web-developer-set Authorization header upon a cross-origin redirect.

According to https://wpt.fyi/results/fetch/api/credentials/authentication-redirection.any.html, all the web browsers already conforms with this spec change.

more options

You can use mozregression to find when the change occurred.