Credentials mode "omit" incompatible with HTML's navigate #21
Comments
|
Very fair. Hrm. I imagine that most folks who deploy this kind of policy will be pushing the policy down before it's requested, along the lines of https://wicg.github.io/origin-policy/#server-push. It's not really clear to me how the push cache will interact with Fetch's credentials mode. "push" doesn't appear in Fetch, and I haven't poked at Chrome's implementation to see whether we split the cache based upon the original connection type. @sleevi probably knows? I'm open to suggestions here... |
|
The push cache as I understand it is tied to the connection. It would end up failing in existing implementations. |
|
2+ years later, how do people feel about changing the credentials mode to "include", to match navigation? If I recall, 2 years ago we were more bullish about making "omit" the default. It seems like if we want H/2 pushing a policy, or any sync update at all, to be feasible, then we really need to stay on the same connection. |
If the origin policy is to be fetched with credentials mode being "omit", it'll end up using a separate HTTP connection unless whatwg/fetch#341 is fixed in all implementations somehow.
And I do think we want credentials mode to be "omit", especially if we want to fetch these resources out-of-band. (One could imagine a user agent gathering these from useragentserverfarm.com and then sending the appropriate ones to the end user in some kind of compressed format.)
The text was updated successfully, but these errors were encountered: