[Webkit-unassigned] [Bug 33688] New: Cross-Domain XMLHttpRequest deny allowed headers access
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 14 14:09:59 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=33688
Summary: Cross-Domain XMLHttpRequest deny allowed headers
access
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh Intel
OS/Version: Mac OS X 10.6
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: New Bugs
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: y8 at ya.ru
CC: ap at webkit.org, ukai at chromium.org
Refering to Cross-Origin specification (http://www.w3.org/TR/access-control/),
"6.1.3 Cross-Origin Request with Preflight", WebKit must allow access to
response headers listed in "Access-Control-Allow-Headers" header.
Example:
1. Create XMLHttpRequest
2. Add "X-Test" header with value "Request" to request.
3. WebKit make preflight request to server, and recive valid response with
"Access-Control-Allow-Headers: X-Test",
4. WebKit makes normal request to server with "X-Test" header.
5. Server respond with valid request, and "X-Test: Reply" header
6. getResponseHeader("X-Test") throw Refused to get unsafe header "X-Test"
Test page attached.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list