FedCM will start enforcing MIME type checks for JSON responses
FedCM developer newsletter
FedCM will start enforcing MIME type checks for JSON responses:
The FedCM spec requires that the user agent verifies that the content type of the responses from the IDP endpoints are JSON. We didn’t include these checks in the initial launch of FedCM API (so, for instance, we are currently fine with a file with content type “text/html” if the body can be parsed into JSON). However, a bug was filed in the FedCM spec noting this. For interoperability reasons, we intend to start enforcing this check as of Chrome M114. See the change here. Based on some preliminary testing, we do not anticipate breakage of sites currently using FedCM. That said, we plan to include console error messages so that a developer can understand the breakage locally if it does happen.
Should you have any feedback on the API, please file them at https://new.crbug.com and set Components to Blink>Identity>FedCM.
Thank you!