info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Intent to ship: Fetch Metadata Request Headers
80 views
Skip to first unread message
Niklas Gögge
May 19, 2021, 11:28:46 AM5/19/21
to
As of Firefox 90 we intend to turn Fetch Metadata Request Headers on by default on all platforms. It has been developed behind the dom.security.secFetch.enabled preference. Chrome, Opera and Edge have already shipped this feature.
Bug to turn on by default: https://bugzilla.mozilla.org/show_bug.cgi?id=1695911
A fetch metadata request header is a HTTP request header that provides additional information about the context the request originated from. These header names are prefixed with Sec- and thus they are forbidden header names so headers can not be modified from JavaScript.
Fetch metadata request headers provide the server with additional information about where the request originated from, enabling it to ignore potentially malicious requests.
Standard: https://www.w3.org/TR/fetch-metadata/
web-platform-tests: https://github.com/web-platform-tests/wpt/tree/master/fetch/metadata
Bug to turn on by default: https://bugzilla.mozilla.org/show_bug.cgi?id=1695911
A fetch metadata request header is a HTTP request header that provides additional information about the context the request originated from. These header names are prefixed with Sec- and thus they are forbidden header names so headers can not be modified from JavaScript.
Fetch metadata request headers provide the server with additional information about where the request originated from, enabling it to ignore potentially malicious requests.
Standard: https://www.w3.org/TR/fetch-metadata/
web-platform-tests: https://github.com/web-platform-tests/wpt/tree/master/fetch/metadata
0 new messages