[Webkit-unassigned] [Bug 41217] New: CORS XMLHttpRequest withCredentials Not Working As Expected

Fri Jun 25 10:22:06 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=41217

           Summary: CORS XMLHttpRequest withCredentials Not Working As
                    Expected
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows XP
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: XML
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: sng at rim.com

Steps:

1) Test Page with both IFRAME and XHR Request
2) From the IFRAME, log into the secure page with credentials (This will pop up dialog box asking for credentials)
3) Trigger XHR to be sent to the same secure page. WithCredentials Flag is true

Packet Sequence:

- HTTP GET to secure page

-HTTP Response with 401, and the following headers:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: True
Access-Control-Allow-Headers: X-Requested-With
Access-Control-Max-Age: 10

- HTTP GET to secure Page, using basic Authorization and the correct username/password used in step 2 for IFRAME log in
- HTTP Response from Server with 200 (Log in success).

Yet, I am getting a XMLHttpRequest Network Error 101 at the Javascript level. Status = 0 and responseText = ''.

I can reproduce this on both Chrome and Safari.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.