[Webkit-unassigned] [Bug 179422] New: [Fetch API] Missing authentication header for POST requests
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 8 03:15:19 PST 2017
https://bugs.webkit.org/show_bug.cgi?id=179422
Bug ID: 179422
Summary: [Fetch API] Missing authentication header for POST
requests
Product: WebKit
Version: Safari 11
Hardware: Macintosh
OS: macOS 10.12
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit API
Assignee: webkit-unassigned at lists.webkit.org
Reporter: Chris at matheson.it
Safari: 11.0.1
OS Version: OS X 10.12.6
URLs (if applicable) :
Other browsers tested:
Chrome Version 61.0.3163.100: FAIL
Firefox 56.0b3 (64-bit): OK
What steps will reproduce the problem?
1. use HTTP basic auth with browser handled authentication (www-authenticate)
2. make a POST request to the same origin (https) with credentials: 'include' or credentials: 'same-origin'
E.G. fetch("/some-path", {headers: {"Content-Type": "application/json", Accept: "application/json"}, credentials: "same-origin", method: "POST", body: "{}"})
3. inspect request for presence of Authorisation header
What is the expected result?
Expect the browser to add the Header to the outgoing request
What happens instead of that?
Header is not present
Please provide any additional information below. Attach a screenshot if
possible.
I initially raised this against the spec as i wasn't sure if it was specified behaviour or not. https://github.com/whatwg/fetch/issues/628#issuecomment-342555664
However I've been advised that this is a bug in the browser and it *should* have added the header
Also filed against chrome at: https://bugs.chromium.org/p/chromium/issues/detail?id=782621
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171108/d3706557/attachment-0001.html>
More information about the webkit-unassigned
mailing list