24905 – [imports]: Fetches for imports should be anonymous only for cross origin requests

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24905 - [imports]: Fetches for imports should be anonymous only for cross origin requests

Summary: [imports]: Fetches for imports should be anonymous only for cross origin requ...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebAppsWG
Classification:	Unclassified
Component:	HISTORICAL - Component Model (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P2 normal
Target Milestone:	---
Assignee:	Dimitri Glazkov
QA Contact:	public-webapps-bugzilla

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	20683
	Show dependency tree / graph

Reported:	2014-03-04 01:11 UTC by Morrita Hajime
Modified:	2014-03-04 01:42 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description Morrita Hajime 2014-03-04 01:11:21 UTC

Currently the fetch is always done in "anonymous" mode, 
but it could send credentials for same domain imports.

Also, the spec is confusingly uses fetch algorithm with legacy HTML parameters.
It could be simplified using the fetch standard directly.

Comment 1 Morrita Hajime 2014-03-04 01:42:16 UTC

https://github.com/w3c/webcomponents/commit/09fc6480cd9e20b92f742b7c70d2a397319f6291