w3c / webappsec-credential-management

WebAppSec Credential Management
https://w3c.github.io/webappsec-credential-management/
Other
50 stars 38 forks source link

What can be passed as fetch() credentials? #133

Open lgarron opened 5 years ago

lgarron commented 5 years ago

Per MDN, fetch can take a FederatedCredential as credentials for the init param:

credentials: The request credentials you want to use for the request: omit, same-origin, or include. To automatically send cookies for the current domain, this option must be provided. Starting with Chrome 50, this property also takes a FederatedCredential instance or a PasswordCredential instance.

DefinitelyTyped only includes PasswordCredential in its example, and I wanted to updated it:

https://github.com/DefinitelyTyped/DefinitelyTyped/blob/dda644755a600288dfcf42b9ba6f619c923ed688/types/webappsec-credential-management/index.d.ts#L45

However, I've had trouble telling where (if?) this is defined in either the credential management or fetch specs. Apologies if I missed something obvious, but is there a canonical source of information for what can be passed?

lgarron commented 5 years ago

https://github.com/DefinitelyTyped/DefinitelyTyped/pull/33418 was just merged, so it would be nice to know if MDN was right. 😳

ishitatsuyuki commented 5 years ago

I found it in an older revision of spec, which means it's probably considered obsolete.

https://www.w3.org/TR/2016/WD-credential-management-1-20160425/#fetch-integration