in v52, preflight call (OPTIONS) for DELETE http request got 403
Reported by
lwcf1...@gmail.com,
Aug 11 2016
|
||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Steps to reproduce the problem: 1. 2. 3. What is the expected behavior? What went wrong? in v52, Access-Control-Request-Headers: was set to empty string in pre-flight call (OPTIONS) for DELETE request in our web application. this issue only happening in V52, but not in the previous version. Also DELETE with preflight call is working in FF/IE/Safari. A strong suspect is that Access-Control-Request-Headers: was set to empty string in V52, by comparing the headers (Access-Control-Request-Headers: accept) in V51. Any quick help is much appreciated. Did this work before? Yes it works in Version 51.0.2704.103 (64-bit) Chrome version: 52.0.2743.116 Channel: stable OS Version: OS X 10.11.4 Flash Version: Shockwave Flash 22.0 r0
,
Aug 12 2016
,
Aug 12 2016
To re-iterate, in v52, preflight call (OPTIONS) for DELETE http request got 403. The suspect is the Access-Control-Request-Headers which was set to empty string in the preflight call. Whereas in V51, Access-Control-Request-Headers was set to accept. There is no code changes in our application in production, but all delete calls are failing in Chrome v52.
,
Aug 12 2016
Access-Control-Request-Headers is added in Blink fetch code: https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp?l=108&cl=GROK Adjusting component accordingly. I imagine a URL that demonstrates this problem would help. Alternatively, a net-internals log demonstrating this working in M51 and not working in M52 would help: http://dev.chromium.org/for-testers/providing-network-details
,
Aug 15 2016
Issue 637614 has been merged into this issue.
,
Aug 30 2016
We are seeing the same issue. With Chromium v51, preflight OPTIONS requests for POST and DELETE requests work without issue. With Chrome v52 these same requests fail. The curl command from Developer Tools demonstrates that the correct headers are being returned. See attached net-internals logs, one for Chromium v51 (success) and one for Chrome v52 (fail).
,
May 8 2017
Couldn't repro in Canary 60.0.3093.0. |
||||
►
Sign in to add a comment |
||||
Comment 1 by lwcf1...@gmail.com
, Aug 11 2016