Contact emails
Specification
https://github.com/fedidcg/FedCM/issues/379
Summary
Currently we use “Referer” in the header when sending requests to identity providers. “Origin” on the other hand, is a more modern concept and its semantics agree with the value we have. As a result, we decided to use “Origin” instead during a recent discussion with Safari and Firefox. In particular:
UA should use Origin instead of Referer for the requests that need to expose the RP
UA should send no Origin (instead of Origin: null) for requests that do not expose the RP
Risks
This may break identity providers who have already implemented FedCM API and had dependency on the “Referer” header. Given that we just shipped FedCM in M108, the number of implementers is manageable and we have reached out to them individually to notify the change so there should be no impact on users.
Blink component
Debuggability
We are adding WPT tests and unit tests in this patch.
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1381227
Estimated milestone
M110
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACh2XCNG8u%3D3ZtEuQdVm7BG%2Bk6SHGxmWaFvjOYJwhtStgHvjnA%40mail.gmail.com.