New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 762533 link

Starred by 6 users
Status: Duplicate
Merged: issue 771742
Owner:
horo@chromium.org
Closed: Oct 2017
Cc:
rbasuvula@chromium.org
pfeldman@chromium.org
eostroukhov@chromium.org
horo@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment

SW -> Bypass for networking not sending origin header

Reported by nsatra...@gmail.com, Sep 6 2017 
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.71 Safari/537.36

Steps to reproduce the problem:
1. Go to a website with a service worker.
2. Perform a cross origin request.
3. The request is sent to the server with the ORIGIN header.
4. Open DevTools -> Application.
5. Enable "Bypass for network"
6. Perform the same cross origin request.

What is the expected behavior?
The ORIGIN header is sent on the request.

What went wrong?
The ORIGIN header is not sent on the request.

Did this work before? N/A 

Chrome version: 61.0.3163.71  Channel: beta
OS Version: 
Flash Version: 

Tested on 61.0.3163.71 and 60.0.3112.113

Comment 1 by peter@chromium.org, Sep 6 2017

Cc: pfeldman@chromium.org horo@chromium.org
Components: Blink>SecurityFeature>CORS

Comment 2 by rbasuvula@chromium.org, Sep 7 2017

Cc: rbasuvula@chromium.org
Labels: Needs-Triage-M61 Needs-Feedback
@ nsatragno: Could you please provide us any sample URL / html file to triage the issue from test team end.

Thank You!

Comment 3 by jor...@wehelpen.nl, Sep 7 2017 

I have the same issue. It's basically anywhere a service-worker in registered.

But for quick sample URL, based on the first plnkr with a service worker I could find:
https://embed.plnkr.co/bxNgc2EfmLlncSUgpMLI/

Initially this fetches JSON from external API just fine. (the configured service worker is empty, doesn't do a thing).
But then follow the steps to enable 'bypass for network', and an fetch error is returned. The console log shows a CORS error:

Failed to load https://jsonplaceholder.typicode.com/users: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://run.plnkr.co' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Comment 4 by nsatra...@chromium.org, Sep 7 2017

Labels: -OS-Linux OS-All
Status: Untriaged (was: Unconfirmed)
jorrit's test case is spot-on. Keep in mind the URL to load the page is

https://plnkr.co/bxNgc2EfmLlncSUgpMLI

The lack of the ORIGIN header is apparent in the network tab.

Comment 5 by paulir...@chromium.org, Sep 11 2017

Owner: eostroukhov@chromium.org
Status: Assigned (was: Untriaged)

Comment 6 by jakearchibald@chromium.org, Sep 28 2017 

https://cdn.rawgit.com/jakearchibald/780e9a72e9fee06aea1321eb3ec0e777/raw/0b4c792557f40c58ffa37c23f850bb1a4c0ed5a5/ another test case.

If you shift-reload, the origin header is sent, as expected. But if you do a regular reload with "Bypass for network", the origin header is missing.

Comment 7 by nsatra...@chromium.org, Sep 29 2017

Labels: -Needs-Feedback

Comment 8 by kinuko@chromium.org, Oct 25 2017 

 Issue 778265  has been merged into this issue.

Comment 9 by horo@chromium.org, Oct 25 2017

Cc: eostroukhov@chromium.org
Components: Blink>ServiceWorker
Mergedinto: 771742
Owner: horo@chromium.org
Status: Duplicate (was: Assigned)
I fixed it in 64.0.3243.0.

Sign in to add a comment