Android WebView isn't setting origin header for CORS GET request with Fetch API
Reported by
mike.hay...@gmail.com,
Apr 28 2016
|
||||
Issue descriptionExample URL: Steps to reproduce the problem: 1. Deploy app using WebView 2. Make CORS GET request using Fetch API 3. Monitor the request on server side or via Chrome developer tools What is the expected behavior? An "Origin" header should be set on the request to indicate a CORS request is being made. What went wrong? No "Origin" header is set. As such, the server side doesn't treat this as a CORS request and response headers such as "access-control-expose-headers" are not set to allow access to headers. Did this work before? N/A Chrome version: 50.0.2661.86 Channel: stable OS Version: 49.0.2623.105 Flash Version: Strangely, making a POST request using Fetch results in the "Origin" header being set correctly. Requests via standard XHR also have the "Origin" header set correctly (although XHR uses "file://" as the origin where as Fetch uses "null", either indicate to the server a CORS request is being attempted).
,
May 2 2016
Interesting. What is the result string when you evaluate "document.origin" in the WebView?
,
May 2 2016
Is the request same origin? Even when the mode is set to "cors", Chrome doesn't send the origin header when the request is same-origin and the method is either GET or HEAD. Did you check XHR with the same configuration but just changing the API from Fetch API to XHR?
,
May 6 2016
,
May 9 2016
Tested on webview 49.0.2623.105 as shown in the screenshot and also the latest 51 and the origin header is sent correctly if I do fetch('http://www.google.com/') from a random JSbin page.
If your request is actually cross-origin (as mentioned in comment 3), then you'll have to include more information on how to reproduce this, since it seems to work fine in a simple test.
,
Jun 9 2016
No feedback was received in the last 30 days from reporter "mike.hayes10@gmail.com", so archiving this. Please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||
►
Sign in to add a comment |
||||
Comment 1 by jkarlin@chromium.org
, Apr 29 2016