Missing authentication header for POST requests made with fetch API.
Reported by
matheson...@gmail.com,
Nov 8 2017
|
||
Issue description
Chrome Version : 61.0.3163.100
OS Version: OS X 10.12.6
URLs (if applicable) :
Other browsers tested:
Safari 11.0.1: FAIL
Firefox 56.0b3 (64-bit): OK
What steps will reproduce the problem?
1. use HTTP basic auth with browser handled authentication (www-authenticate)
2. make a POST request to the same origin (https) with credentials: 'include' or credentials: 'same-origin'
E.G. fetch("/some-path", {headers: {"Content-Type": "application/json", Accept: "application/json"}, credentials: "same-origin", method: "POST", body: "{}"})
3. inspect request for presence of Authorisation header
What is the expected result?
Expect the browser to add the Header to the outgoing request
What happens instead of that?
Header is not present
Please provide any additional information below. Attach a screenshot if
possible.
I initially raised this against the spec as i wasn't sure if it was specified behaviour or not. https://github.com/whatwg/fetch/issues/628#issuecomment-342555664
However I've been advised that this is a bug in the browser and it *should* have added the header
,
Dec 11 2017
No feedback was received in the last 30 days from reporter "matheson.cj@gmail.com", so archiving this. Please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||
►
Sign in to add a comment |
||
Comment 1 by ricea@chromium.org
, Nov 8 2017Labels: Needs-Feedback