Changes on SOP and CORS on Firefox
I'm a cybersecurity professional and I'm researching about Same Origin Policy, Cross Origin Resource Sharing and how firefox deal with those things. I've find out that versions before 102.1.0esr, cross-origin script GET requests used to attach cookies (Image 1), but in newer versions, it's not happening (Image 2). I checked the release notes but didn't find nothing about this change.
I would like to learn more about what changed and how Firefox is dealing with cookies, SOP and CORS.
Thanks!
모든 댓글 (2)
It may be due to bug 1802086.
whatwg/fetch#1544 changes the Fetch Standard to remove a web-developer-set Authorization header upon a cross-origin redirect.
According to https://wpt.fyi/results/fetch/api/credentials/authentication-redirection.any.html, all the web browsers already conforms with this spec change.
글에 답글을 달기 위해서는 계정으로 로그인해야만 합니다. 계정이 아직 없다면 새로운 질문을 올려주세요.