-
Notifications
You must be signed in to change notification settings - Fork 323
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Doc: Definition of credentials unclear #612
Comments
Authentication entries is to describe HTTP authentication. There's nothing else (other than TLS client certificates which are listed separately). @sideshowbarker was planning on clarifying this I believe, but he's been rather busy with other things lately. |
Yeah, I should be able to get back to it this week |
@roryhewitt if the d84658e change doesn’t resolve this to your satisfaction, then please either raise a new issue with specific suggestions for refining it further, or else comment here further (and we can re-open this issue itself if necessary). |
Currently, the fetch spec defines credentials as follows:
with authentication entries further defined as follows:
Two questions have been raised by my customers:
Access-Control-Allow-Credentials
they're thinking of cookies and maybe theAuthorization
request header. Is there a comprehensive list of other authentication entries?When I checked the fetch spec example https://fetch.spec.whatwg.org/#example-cors-with-credentials (which I originally wrote, with editing by @annevk!) it uses the obvious example of Set-Cookie headers being ignored. Interested to know what other cases might apply. From a server-developer POV, what else would eb ignored in the response - everything?
The text was updated successfully, but these errors were encountered: