[Webkit-unassigned] [Bug 230935] New: authorization header lost on redirect request

Tue Sep 28 21:41:06 PDT 2021

https://bugs.webkit.org/show_bug.cgi?id=230935

            Bug ID: 230935
           Summary: authorization header lost on redirect request
           Product: WebKit
           Version: Safari 14
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rli at enerbankusa.com
                CC: beidson at apple.com

When making a request to an endpoint that returns 303 with a Location header, the Authorization header is not being sent on the second request. Behavior seems to be the same with the other 3xx redirect status codes. 
Example https://stackblitz.com/edit/js-xkjyaj?file=index.js

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210929/9074291f/attachment.htm>