[Webkit-unassigned] [Bug 103977] New: Cross Origin XMLHttpRequest can not expose "Location" header even if it is indicated in Access-Control-Expose-Headers
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Dec 4 00:20:50 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=103977
Summary: Cross Origin XMLHttpRequest can not expose "Location"
header even if it is indicated in
Access-Control-Expose-Headers
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows XP
Status: UNCONFIRMED
Severity: Major
Priority: P2
Component: XML
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: florin.botis at gmail.com
Scenario:
1. Make a XHR request to a CORS URL.
2. In the CORS preflight response (and all other server responses) the server includes next header
Access-Control-Expose-Headers: Location
3. Make the actual CORS call
4. Server responds with HTTP status 201 and includes "Location" header in its response. The "Location" header can be seen using a HTTP packets sniffer.
5. jQuery's xhr.getResponseHeader("Location") returns null even if the Location header is present in the response and it was included in "Access-Control-Expose-Headers"
I can reproduce the issue on Safari. It was found on Windows XP, Safari 5.1.7
On Windows XP, Chrome 23.0.1271 the bug isn't reproducing
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list