New issue
Advanced search Search tips

Issue 782621 link

Starred by 1 user

Issue metadata

Status: Archived
Owner: ----
Closed: Dec 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug



Sign in to add a comment

Missing authentication header for POST requests made with fetch API.

Reported by matheson...@gmail.com, Nov 8 2017

Issue description

Chrome Version       : 61.0.3163.100
OS Version: OS X 10.12.6
URLs (if applicable) :
Other browsers tested:
  Safari 11.0.1: FAIL
  Firefox 56.0b3 (64-bit): OK

What steps will reproduce the problem?
1. use HTTP basic auth with browser handled authentication (www-authenticate)
2. make a POST request to the same origin (https) with credentials: 'include' or credentials: 'same-origin'
E.G. fetch("/some-path", {headers: {"Content-Type": "application/json", Accept: "application/json"}, credentials: "same-origin", method: "POST", body: "{}"})
3. inspect request for presence of Authorisation header

What is the expected result?

Expect the browser to add the Header to the outgoing request

What happens instead of that?

Header is not present


Please provide any additional information below. Attach a screenshot if
possible.

I initially raised this against the spec as i wasn't sure if it was specified behaviour or not. https://github.com/whatwg/fetch/issues/628#issuecomment-342555664

However I've been advised that this is a bug in the browser and it *should* have added the header

 

Comment 1 by ricea@chromium.org, Nov 8 2017

Components: Blink>Network>FetchAPI
Labels: Needs-Feedback
Cannot reproduce here in Chrome 62.0.3202.75 on Linux. Using the exact fetch command specified above I see an Authorization header being sent in the Network tab of DevTools.

It won't work if you haven't already authenticated to the site, but I assume you did that.

If you could contribute a web-platform-test that illustrates the problem that would be a big help.
Project Member

Comment 2 by sheriffbot@chromium.org, Dec 11 2017

Status: Archived (was: Unconfirmed)
No feedback was received in the last 30 days from reporter "matheson.cj@gmail.com", so archiving this. Please re-open or file a new bug if this is still an issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment