From e26ab8afe29e23b3a4e34dbb588c285dcf68a8dc Mon Sep 17 00:00:00 2001 From: Anne van Kesteren Date: Fri, 20 Apr 2018 19:07:23 +0200 Subject: [PATCH] Change how module scripts are fetched * Module scripts are always fetched with credentials mode "same-origin" by default and can no longer use "omit". This makes them match other high-level platform features. * The top-level script for module workers is always fetched with request mode "same-origin" and credentials mode "same-origin". Cross-origin workers did not quite work due to service workers. * Any module worker import scripts are fetched with request credentials mode "same-origin" and this cannot be configured for now. Fixes #2557 and fixes #3109. --- source | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/source b/source index 6c2e8a59d32..559fa60436d 100644 --- a/source +++ b/source @@ -7011,8 +7011,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
No CORS
-
"omit"
-
Anonymous
"same-origin"
@@ -86581,8 +86579,9 @@ interface ApplicationCache : EventTarget { empty string, parser metadata is "not-parser-inserted", credentials mode is "omit", and referrer - policy is the empty string.

+ data-x="">same-origin", and referrer policy is the empty + string.

Given a request request and a script fetch options options, we define:

@@ -86842,9 +86841,9 @@ interface ApplicationCache : EventTarget {

To fetch a module worker script graph given a url, a fetch client settings object, a - destination, a credentials mode, and a module map settings - object, run these steps. The algorithm will asynchronously complete with either null (on - failure) or a module script (on success).

+ destination, and a module map settings object, run these steps. The + algorithm will asynchronously complete with either null (on failure) or a module + script (on success).

  1. Let visited set be « url ».

  2. @@ -86854,9 +86853,10 @@ interface ApplicationCache : EventTarget { data-x="concept-script-fetch-options-integrity">integrity metadata is the empty string, parser metadata is "not-parser-inserted", credentials mode is credentials - mode, and referrer - policy is the empty string.

    + data-x="concept-script-fetch-options-credentials">credentials mode is "same-origin", and referrer policy is the empty + string.

  3. Perform the internal module script graph fetching procedure given url, fetch client settings object, destination, @@ -86940,6 +86940,11 @@ interface ApplicationCache : EventTarget { data-x="concept-request-client">client is fetch client settings object.

  4. +
  5. If destination is "worker" or "sharedworker" and the top-level module fetch flag is set, then set + request's mode to "same-origin". +

  6. Set up the module script request given request and options.

  7. @@ -97274,8 +97279,7 @@ interface SharedWorkerGlobalScope : WorkerGlobalScope {
    "module"
    Fetch a module worker script graph given url, outside - settings, destination, the value of the credentials - member of options, and inside settings.
    + settings, destination, and inside settings.

In both cases, to perform the fetch @@ -97688,7 +97692,6 @@ interface Worker : EventTarget { dictionary WorkerOptions { WorkerType type = "classic"; - RequestCredentials credentials = "omit"; // credentials is only used if type is "module" DOMString name = ""; }; @@ -97703,9 +97706,8 @@ enum WorkerType { "classic", "module" }; communication channel. options can be used to define the name of that global environment via the name option, primarily for debugging purposes. It can also ensure this new - global environment supports JavaScript modules (specify type: "module"), - and if that is specified, can also be used to specify how scriptURL is fetched through - the credentials option. + global environment supports JavaScript modules (specify type: "module").

worker . terminate()
Aborts worker's associated global environment.
@@ -97833,9 +97835,7 @@ interface SharedWorker : EventTarget { represents the communication channel. options can be used to define the name of that global environment via the name option. It can also ensure this new global environment supports JavaScript - modules (specify type: "module"), and if that is specified, can also be - used to specify how scriptURL is fetched through the credentials option. + modules (specify type: "module").
sharedWorker . port
Returns sharedWorker's MessagePort object which can be used to