[Webkit-unassigned] [Bug 40138] Authorization header is sent from a Basic Auth protected site on 302 redirect but only with Safari 4.0.5 and OSX 10.5.8
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Dec 14 16:53:42 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=40138
Brady Eidson <beidson at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
AssignedTo|webkit-unassigned at lists.web |beidson at apple.com
|kit.org |
CC| |beidson at apple.com
Ever Confirmed|0 |1
--- Comment #8 from Brady Eidson <beidson at apple.com> 2010-12-14 16:53:43 PST ---
Firefox seems to automatically send credentials if the redirect is to a page in the same security origin, but strips them if the page is not. We should probably match.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list