Instead of introducing a new header Sec-FedCM-CSRF, I propose that we instead use the existing Sec-Fetch-Dest header with a new value web-identity, matching the root manifest's filename (.well-known/web-identity, https://fedidcg.github.io/FedCM/#check-the-root-manifest)
Instead of introducing a new header Sec-FedCM-CSRF, I propose that we instead use the existing
Sec-Fetch-Dest
header with a new valueweb-identity
, matching the root manifest's filename (.well-known/web-identity, https://fedidcg.github.io/FedCM/#check-the-root-manifest)@bvandersloot-mozilla fyi