PSA: FedCM will start enforcing MIME type checks for JSON responses

Skip to first unread message

Nicolás Peña

Apr 17, 2023, 6:15:45 PM4/17/23
to blink-dev

The FedCM spec requires that the user agent verifies that the content type of the responses from the IDP endpoints are JSON. We didn’t include these checks in the initial launch of FedCM API (so, for instance, we are currently fine with a file with content type “text/html” if the body can be parsed into JSON). However, a bug was filed in the FedCM spec noting this. For interoperability reasons, we intend to start enforcing this check as of Chrome M114. See the change here. Based on some preliminary testing, we do not anticipate breakage of sites currently using FedCM. That said, we plan to include console error messages so that a developer can understand the breakage locally if it does happen.

Reply all
Reply to author
0 new messages