androidlop.blogg.se - Web browsers 2017

#1607: TidBITS 32nd anniversary, moving from 1Password to KeePass, pasting plain text, Mail fixes anchor links, RIP Eolake.

Needless to say I'm really excited about ES modules landing in browsers! Performance recommendations, dynamic import & more!Ĭheck out the article on Web Fundamentals for a deep-dive into module usage.

Edge executes scripts with invalid MIME types ( issue).Īnd that's what I've learned so far.

The HTML Standard recommends text/javascript. Unlike regular scripts, modules scripts must be served with one of the valid JavaScript MIME types else they won't execute. It doesn't do anything if the browser follows the new spec, so it's safe to use. If you hit this issue, you can add the crossorigin attribute, which will add credentials to same-origin requests, but not cross-origin request, in any browser that follows the old spec.

New browsers that follow the new spec, and send credentials to same-origin URLs by default.Browsers that followed the spec at the time, and did not send credentials to same-origin URLs by default.Old versions of browsers that, against the spec at the time, sent credentials by to same-origin URLs by default.However, that means you'll encounter three exciting varieties of browser support: However, that all changed, and now fetch() and module scripts behave the same as other CORS-based APIs. Most CORS-based APIs will send credentials (cookies etc) if the request is to the same origin, but for a while fetch() and module scripts were exceptions. Edge loads module scripts without CORS headers ( issue).

Firefox fails to load the demo page ( issue).This means cross-origin module scripts must return valid CORS headers such as Access-Control-Allow-Origin: *. Unlike regular scripts, module scripts (and their imports) are fetched with CORS. Import ' addTextToBody ( "This will not execute." )