FedCM tutorial should mention CORS header requirement #38240

Open
jespertheend opened this issue Feb 19, 2025 · 1 comment
Labels
area: WebAuthn Content:WebAPI Web API docs help wanted If you know something about this topic, we would love your help!

@jespertheend
Contributor

MDN URL

https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API/IDP_integration

What specific section or headline is this issue about?

https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API/IDP_integration#the_id_assertion_endpoint

What information was incorrect, unhelpful, or incomplete?

The assertion endpoint never mentions the requirements that need to be met for a request to succeed.

What did you expect to see?

This request fails when the endpoint doesn't respond with the correct CORS headers, specifically:

  • Access-Control-Allow-Origin: https://rp.example
  • Access-Control-Allow-Credentials: true

Chrome currently gives a rather unhelpful error message in the browser console when this requirement isn't met:

The fetch of the id assertion endpoint resulted in a network error: ERR_FAILED

Do you have any supporting links, references, or citations?

https://developers.google.com/privacy-sandbox/cookies/fedcm/implement/identity-provider#id-assertion-endpoint
https://groups.google.com/a/chromium.org/g/blink-dev/c/gYoQJsaiD9E

Do you have anything more you want to share?

No response

@jespertheend jespertheend added the needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. label Feb 19, 2025
@github-actions github-actions bot added the Content:WebAPI Web API docs label Feb 19, 2025
@Josh-Cena Josh-Cena added help wanted If you know something about this topic, we would love your help! area: WebAuthn and removed needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. labels Feb 19, 2025
@jespertheend
Contributor Author

Also it might be worth mentioning that the Access-Control-Allow-Origin header should be set to the explicit origin of the requester. So setting "*" as value will not suffice.
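
The requirement raised in this issue, sketched as an added example (not code from MDN, Chrome, or either commenter): an IdP-side helper that echoes the explicit RP origin with credentials allowed, plus an audit function that reports which of the two headers a response gets wrong. The `REGISTERED_RPS` registry, the `rp-client-123` client ID and both function names are hypothetical; the `Sec-Fetch-Dest: webidentity` check comes from the FedCM documentation rather than from this issue.

```javascript
// Constructed registry (assumption): client_id -> the one RP origin registered for it.
const REGISTERED_RPS = new Map([
  ["rp-client-123", "https://rp.example"],
]);

// Decide status and CORS headers for an ID assertion endpoint response.
// `headers` uses lowercase names, as Node's http module delivers them.
function assertionCorsDecision(headers, clientId) {
  // FedCM requests carry Sec-Fetch-Dest: webidentity; refuse anything else.
  if (headers["sec-fetch-dest"] !== "webidentity") {
    return { status: 400, headers: {}, reason: "not a FedCM request" };
  }
  const origin = headers["origin"];
  const expected = REGISTERED_RPS.get(clientId);
  // Exact string comparison: no wildcard, prefix or suffix matching.
  if (!origin || !expected || origin !== expected) {
    return { status: 403, headers: {}, reason: "origin not registered for client_id" };
  }
  return {
    status: 200,
    headers: {
      "Access-Control-Allow-Origin": origin, // explicit origin, never "*"
      "Access-Control-Allow-Credentials": "true",
      "Vary": "Origin", // stop caches reusing the response for another origin
    },
  };
}

// Audit helper: list the ways a response's headers miss the requirement above.
function corsHeadersSatisfyFedCM(responseHeaders, rpOrigin) {
  const lower = Object.fromEntries(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), String(v)])
  );
  const problems = [];
  const acao = lower["access-control-allow-origin"];
  if (acao === undefined) problems.push("missing Access-Control-Allow-Origin");
  else if (acao === "*") problems.push('Access-Control-Allow-Origin is "*"');
  else if (acao !== rpOrigin) problems.push("Access-Control-Allow-Origin does not match RP origin");
  if (lower["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials is not true");
  }
  return problems; // empty array means both headers are acceptable
}
```

An empty result from `corsHeadersSatisfyFedCM` is the state in which the browser's fetch of the ID assertion endpoint should no longer fail on CORS grounds.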
