[Webkit-unassigned] [Bug 192234] New: Safari 12 - Fetch with Manual Redirect CORS Error
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 30 11:13:13 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=192234
Bug ID: 192234
Summary: Safari 12 - Fetch with Manual Redirect CORS Error
Product: WebKit
Version: Safari 12
Hardware: Macintosh
OS: macOS 10.14
Status: NEW
Severity: Normal
Priority: P2
Component: Page Loading
Assignee: webkit-unassigned at lists.webkit.org
Reporter: richard.seviora at gmail.com
CC: beidson at apple.com
I've ran into a bug while working on a project for a client:
Scenario:
1. Make window.fetch request with the following options:
method: 'get'
redirect: 'manual'
credentials: 'include'
headers:
Accept: 'application/vnd.api+json'
Content-Type: 'application/vnd.api+json'
Request Origin is http://localhost:4000
Endpoint responds with
HTTP/1.1 302 Found
Location: $SNIP$
Access-Control-Allow-Origin: http://localhost:4000
Access-Control-Expose-Headers: ETag
Access-Control-Allow-Headers: x-requested-with,Content-Type,If-Modified-Since,If-None-Match,Auth-User-Token,Authorization,Cookie,Credentials,origin
Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
(Other cookies omitted)
EXPECTED
Safari handles request and treats it as successful request.
ACTUAL
Safari generates errors:
[Error] Origin http://localhost:4000 is not allowed by Access-Control-Allow-Origin.
[Error] Fetch API cannot load http://SNIP/logout due to access control checks.
[Error] Failed to load resource: Origin http://localhost:4000 is not allowed by Access-Control-Allow-Origin. (logout, line 0)
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181130/2099ce44/attachment-0001.html>
More information about the webkit-unassigned
mailing list