x-devtools-emulate-network-conditions-client-id forces CORS preflight requests for redirects when DevTools is open |
||
Issue descriptionVersion: 51.0.2679.0 dev OS: Linux What steps will reproduce the problem? (1) Create a page like: <script> var url = 'http://upload.wikimedia.org/wikipedia/commons/thumb/3/30/AKG_C214_condenser_microphone_with_H85_shock_mount.jpg/1024px-AKG_C214_condenser_microphone_with_H85_shock_mount.jpg'; fetch(url, { headers: {'x-lol': 'hi'}}); fetch(url); </script> (2) Open the page in Chrome (maybe need a local http server) (3) Open DevTools, Network tab, reload. What is the expected output? What do you see instead? The first fetch should trigger an OPTIONS CORS preflight request. But I think the second request should not (at least, Firefox doesn't). Also, the first OPTIONS request has Access-Control-Request-Headers:x-lol, which is right, but the second one has access-control-request-headers:x-devtools-emulate-network-conditions-client-id which is unexpected. It looks like this only happens when the request results in a redirect. If there's no redirect, the behavior is matches Firefox.
,
Apr 2 2016
I can reproduce this in Chrome 51.0.2696.0 canary. Request headers: :method:OPTIONS :scheme:https :version:HTTP/1.1 accept:*/* accept-encoding:gzip, deflate, sdch accept-language:en access-control-request-headers:accept, x-devtools-emulate-network-conditions-client-id access-control-request-method:GET Resulting in a console error: > XMLHttpRequest cannot load https://ores.wmflabs.org/scores/alphawiki/. Request header field X-DevTools-Emulate-Network-Conditions-Client-Id is not allowed by Access-Control-Allow-Headers in preflight response.
,
Apr 5 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e2cf1e240a9c54125b3985650685e0b6f3e3a17a commit e2cf1e240a9c54125b3985650685e0b6f3e3a17a Author: dgozman <dgozman@chromium.org> Date: Tue Apr 05 17:23:28 2016 Allow custom inspector header for CORS preflight. We add this header when inspector is attached and then strip it in the browser. BUG= 595229 Review URL: https://codereview.chromium.org/1860693004 Cr-Commit-Position: refs/heads/master@{#385206} [modify] https://crrev.com/e2cf1e240a9c54125b3985650685e0b6f3e3a17a/third_party/WebKit/LayoutTests/http/tests/inspector/network/network-disable-cache-cors-expected.txt [modify] https://crrev.com/e2cf1e240a9c54125b3985650685e0b6f3e3a17a/third_party/WebKit/LayoutTests/http/tests/inspector/network/network-disable-cache-cors.html [add] https://crrev.com/e2cf1e240a9c54125b3985650685e0b6f3e3a17a/third_party/WebKit/LayoutTests/http/tests/inspector/network/resources/cors-redirect.cgi [modify] https://crrev.com/e2cf1e240a9c54125b3985650685e0b6f3e3a17a/third_party/WebKit/Source/core/fetch/FetchUtils.cpp [modify] https://crrev.com/e2cf1e240a9c54125b3985650685e0b6f3e3a17a/third_party/WebKit/Source/core/inspector/InspectorInstrumentation.cpp [modify] https://crrev.com/e2cf1e240a9c54125b3985650685e0b6f3e3a17a/third_party/WebKit/Source/core/inspector/InspectorInstrumentation.h [modify] https://crrev.com/e2cf1e240a9c54125b3985650685e0b6f3e3a17a/third_party/WebKit/Source/core/inspector/InspectorResourceAgent.cpp
,
Apr 5 2016
|
||
►
Sign in to add a comment |
||
Comment 1 by caseq@chromium.org
, Mar 16 2016Status: Assigned (was: Untriaged)