Contact emails y...@chromium.org
Specification https://github.com/fedidcg/FedCM/issues/379 Summary Currently we use “Referer” in the header when sending requests to identity providers. “Origin” on the other hand, is a more modern concept and its semantics agree with the value we have. As a result, we decided to use “Origin” instead during a recent discussion <https://github.com/fedidcg/FedCM/issues/320#issuecomment-1302570007> with Safari and Firefox. In particular: - UA should use Origin instead of Referer for the requests that need to expose the RP - UA should send no Origin (instead of Origin: null) for requests that do not expose the RP Risks This may break identity providers who have already implemented FedCM API and had dependency on the “Referer” header. Given that we just shipped FedCM in M108, the number of implementers is manageable and we have reached out to them individually to notify the change so there should be no impact on users. Blink component Blink>Identity>FedCM <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EIdentity%3EFedCM> Debuggability We are adding WPT tests and unit tests in this patch <https://chromium-review.googlesource.com/c/chromium/src/+/4018494>. Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1381227 Estimated milestone M110 -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CACh2XCNG8u%3D3ZtEuQdVm7BG%2Bk6SHGxmWaFvjOYJwhtStgHvjnA%40mail.gmail.com.
