[Webkit-unassigned] [Bug 112471] cross-origin requests redirected fail or drop author requested headers
bugzilla-daemon at webkit.org
Wed Jul 3 06:08:13 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=112471
A George <ancil0504 at gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |abarth at webkit.org,
                   |                            |kbr at google.com
--- Comment #4 from A George <ancil0504 at gmail.com> 2013-07-03 06:10:11 PST ---
(In reply to comment #0)
> What actually happens?
> An XMLHttpRequest from origin-a to origin-a that gets redirected to origin-b fails with status 0. Both origin-a and origin-b in this case return the correct CORS response headers.
>
In my understanding, it fails the Resource Sharing check (http://www.w3.org/TR/cors/#resource-sharing-check-0), hence the browser returns 'network error' and doesn't make the redirected request.
It fails passesAccessControlCheck() in DocumentThreadableLoader::redirectReceived().
> An XMLHttpRequest from origin-a to origin-b that gets redirected drops the author requested headers set via xhr.setRequestHeader(). The tests demonstrate this with the "Accept" header.
>
This fails because the user-added headers are removed in the following lines:

    // Remove any headers that may have been added by the network layer that cause access control to fail.
    request.clearHTTPContentType();
    request.clearHTTPReferrer();
    request.clearHTTPOrigin();
    request.clearHTTPUserAgent();
    request.clearHTTPAccept(); // This removes the application/json header
    makeCrossOriginAccessRequest(request);

Bill, Adam, is it required to clear the simple headers? Does the CORS spec recommend this?
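The header clearing discussed in comment #4, as an added JavaScript model that is not WebKit code and not part of the original thread: it contrasts clearing the listed headers unconditionally with clearing only those the author did not set, and lists the author headers that fall outside the CORS simple-header set. `clearNetworkLayerOnly`, `headersNeedingPreflight` and the sample request are hypothetical names and constructed data.

```javascript
// Model of the redirect step quoted above; not WebKit code.
// Headers the quoted snippet clears (HTTP spells the referrer header "Referer").
const CLEARED_ON_REDIRECT = ['content-type', 'referer', 'origin', 'user-agent', 'accept'];
// Simple request headers per the W3C CORS spec; Content-Type only with these values.
const SIMPLE_HEADERS = ['accept', 'accept-language', 'content-language'];
const SIMPLE_CONTENT_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];

function isSimpleHeader(name, value) {
  const n = name.toLowerCase();
  if (SIMPLE_HEADERS.includes(n)) return true;
  if (n !== 'content-type') return false;
  // Compare only the media type, ignoring parameters such as charset.
  return SIMPLE_CONTENT_TYPES.includes(value.split(';')[0].trim().toLowerCase());
}

// Behaviour described in the comment: every listed header is dropped,
// whether the network layer or the page author set it.
function clearAllOnRedirect(headers) {
  return Object.fromEntries(Object.entries(headers)
    .filter(([k]) => !CLEARED_ON_REDIRECT.includes(k.toLowerCase())));
}

// Hypothetical alternative: drop a listed header only when the author did not
// set it through setRequestHeader(). authorNames lists the author-set names.
function clearNetworkLayerOnly(headers, authorNames) {
  const author = new Set(authorNames.map((n) => n.toLowerCase()));
  return Object.fromEntries(Object.entries(headers).filter(([k]) => {
    const n = k.toLowerCase();
    return !CLEARED_ON_REDIRECT.includes(n) || author.has(n);
  }));
}

// Author-set headers that are not simple, so the cross-origin target would
// have to allow them through a preflight (Access-Control-Allow-Headers).
function headersNeedingPreflight(headers, authorNames) {
  const author = new Set(authorNames.map((n) => n.toLowerCase()));
  return Object.entries(headers)
    .filter(([k, v]) => author.has(k.toLowerCase()) && !isSimpleHeader(k, v))
    .map(([k]) => k.toLowerCase()).sort();
}

// Constructed sample request: two author-set headers, one from the network layer.
const sampleHeaders = { 'Accept': 'application/json', 'User-Agent': 'ExampleUA/1.0',
  'X-Requested-With': 'XMLHttpRequest' };
const sampleAuthorSet = ['Accept', 'X-Requested-With'];
console.log(clearAllOnRedirect(sampleHeaders));
console.log(clearNetworkLayerOnly(sampleHeaders, sampleAuthorSet));
console.log(headersNeedingPreflight(sampleHeaders, sampleAuthorSet));
```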