Avatar for Username

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

Learn More

Changes on SOP and CORS on Firefox

  • 2 回覆
  • 0 有這個問題
  • 4 次檢視
  • 最近回覆由 zeroknight

Henrique Curi
Henrique Curi
more options

I'm a cybersecurity professional and I'm researching about Same Origin Policy, Cross Origin Resource Sharing and how firefox deal with those things. I've find out that versions before 102.1.0esr, cross-origin script GET requests used to attach cookies (Image 1), but in newer versions, it's not happening (Image 2). I checked the release notes but didn't find nothing about this change.

I would like to learn more about what changed and how Firefox is dealing with cookies, SOP and CORS.

Thanks!

I'm a cybersecurity professional and I'm researching about Same Origin Policy, Cross Origin Resource Sharing and how firefox deal with those things. I've find out that versions before 102.1.0esr, cross-origin script GET requests used to attach cookies (Image 1), but in newer versions, it's not happening (Image 2). I checked the release notes but didn't find nothing about this change. I would like to learn more about what changed and how Firefox is dealing with cookies, SOP and CORS. Thanks!
附加的畫面擷圖

所有回覆 (2)

TyDraniu
TyDraniu
  • Top 25 Contributor
more options

It may be due to bug 1802086.

whatwg/fetch#1544 changes the Fetch Standard to remove a web-developer-set Authorization header upon a cross-origin redirect.

According to https://wpt.fyi/results/fetch/api/credentials/authentication-redirection.any.html, all the web browsers already conforms with this spec change.

有幫助嗎?

zeroknight
zeroknight
more options

You can use mozregression to find when the change occurred.

有幫助嗎?

問個問題

如果您還沒有帳號,您必須先登入帳號 來回覆文章。還沒有帳號的話,只能發問新問題