[Webkit-unassigned] [Bug 239944] New: Safari does not persist the Authorization header on redirect
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun May 1 08:29:21 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=239944
Bug ID: 239944
Summary: Safari does not persist the Authorization header on
redirect
Product: WebKit
Version: Safari 15
Hardware: Mac (Intel)
OS: macOS 12
Status: NEW
Severity: Normal
Priority: P2
Component: XML
Assignee: webkit-unassigned at lists.webkit.org
Reporter: 906529775 at qq.com
Sorry, my English is not good, the following content is generated by translation software.
I describe the problem I have:
In Safari, I send a request via fetch:
/api/user/list?page=1&page_size=10
Because the path is wrong, the status code returned by the server is 301, and a new request path is given:
/api/user/list/?page=1&page_size=10
After Safari receives 301, it automatically sends a new request, but does not bring the Authorization request header.
My expectation is to bring the Authorization request header when redirecting, what should I do? Looking forward to your reply, thanks.
Note: When redirecting, the Chrome browser will take the Authorization request with it.
The full request log is below:
First request(Has Authorization request header):
Request
GET /api/user/list?page=1&page_size=10
Authorization: Bearer xxxxxxxxxxxx
Referer: https://test.com/api/user/list?page=1&page_size=10
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
Cache-Control: no-cache
Pragma: no-cache
X-OA-ID: 10004572
------
Response to first request:
Redirect Response
301 Moved Permanently
Location: /api/user/list/?page=1&page_size=10
Date: Sun, 01 May 2022 09:29:24 GMT
Referrer-Policy: same-origin
------
Redirects automatically sent by Safari(No Authorization header):
Request
GET /api/user/list/?page=1&page_size=10 HTTP/1.1
Accept: */*
Pragma: no-cache
Cookie: xxxxxxxxxxxx
Referer: https://test.com/api/user/list
Cache-Control: no-cache
Host: test.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
X-OA-ID: 10004572
------
I found 2 similar questions on stackoverflow, but none were solved.
https://stackoverflow.com/questions/71311305/how-to-prevent-safari-from-dropping-the-authorization-header-when-following-a-sa
https://stackoverflow.com/questions/57974176/safari-does-not-persist-the-authorization-header-on-redirect
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220501/401c3c9c/attachment.htm>
More information about the webkit-unassigned
mailing list