Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Change how module scripts are fetched
* Module scripts are always fetched with request credentials mode "same-origin" by default, instead of the previous default of "omit". Only worker module scripts can still set that to "omit", using the credentials option to the Worker constructor. Non-worker module scripts, which only have the crossorigin="" attribute available, can only toggle between "same-origin" and "include", similar to how crossorigin="" works for other platform features. * Similarly, import() statements inside of classic scripts now use the "same-origin" credentials mode, instead of "omit". This affects both <script> elements, where the default can be changed using crossorigin="", and other contexts like javascript: URLs and classic worker scripts, where the default cannot be changed. * The top-level script for module workers is always fetched with request mode "same-origin". Cross-origin workers did not quite work due to service workers. Fixes whatwg#2557. Fixes whatwg#3109. Tests: * web-platform-tests/wpt#11274 * web-platform-tests/wpt#13176 * web-platform-tests/wpt#13426
- Loading branch information