Fetch returns cached json response with cors headers for wrong origin when working with multiple domains
Reported by
d3f...@gmail.com,
May 31 2018
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36

Steps to reproduce the problem:
1. Call fetch with cors mode to an API from domain A where the server sends an Access-Control-Allow-Origin header matching domain A.
2. Call fetch with cors mode to an API from domain B. The browser will see a cached response and return it and it will fail because the Access-Control-Allow-Origin header will not match domain B.

What is the expected behavior?
It might be out of the fetch specification, but it should possibly consider Access-Control-Allow-Origin before fetch returns a cached response.

What went wrong?
Fetch fails when a request is made from domain B.

Did this work before? N/A
Does this work in other browsers? N/A

Chrome version: 66.0.3359.181 Channel: n/a
OS Version: 10.0
Flash Version:

There are ways around it by either disabling cache on the fetch or appending unique query string parameters to the domain.
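The behaviour in this report and the two workarounds the reporter names, modelled as an added example (not code from the reporter or from Chromium). The origins, the API URL and the `ModelCache`/`corsFetch` helpers are constructed for illustration, and the `Vary: Origin` case is an assumption not raised in the thread: it is the usual server-side measure when Access-Control-Allow-Origin is computed from the request's Origin header.

```javascript
// Added example: simplified model, not Chrome's cache implementation.
const ORIGIN_A = 'https://a.example', ORIGIN_B = 'https://b.example'; // constructed
const API_URL = 'https://api.example/cors-test';                      // constructed

// Hypothetical server that echoes the request Origin, as in the report.
function server(origin, sendVary) {
  const headers = { 'access-control-allow-origin': origin, 'cache-control': 'max-age=60' };
  if (sendVary) headers.vary = 'Origin';
  return { headers };
}
class ModelCache {
  constructor() { this.entries = new Map(); } // URL -> stored responses
  lookup(url, reqHeaders) {
    // A stored response matches only if every header named in its Vary has
    // the same value in the new request (an empty Vary matches anything).
    const hit = (this.entries.get(url) || []).find(e =>
      e.varyNames.every(n => e.reqHeaders[n] === reqHeaders[n]));
    return hit ? hit.response : null;
  }
  store(url, reqHeaders, response) {
    const varyNames = (response.headers.vary || '').toLowerCase()
      .split(',').map(s => s.trim()).filter(Boolean);
    this.entries.set(url, [...(this.entries.get(url) || []), { varyNames, reqHeaders, response }]);
  }
}

// Model of fetch(url, {mode: 'cors'}) made by a page on `origin`.
function corsFetch(cache, origin, url, { sendVary = false, noStore = false } = {}) {
  const reqHeaders = { origin };
  let response = noStore ? null : cache.lookup(url, reqHeaders);
  const fromCache = response !== null;
  if (!fromCache) {
    response = server(origin, sendVary);
    if (!noStore) cache.store(url, reqHeaders, response);
  }
  const allowed = response.headers['access-control-allow-origin'];
  return { ok: allowed === '*' || allowed === origin, fromCache }; // CORS check
}
function demo() {
  const plain = new ModelCache(), varied = new ModelCache();
  corsFetch(plain, ORIGIN_A, API_URL);                     // domain A primes the cache
  corsFetch(varied, ORIGIN_A, API_URL, { sendVary: true });
  return {
    reported: corsFetch(plain, ORIGIN_B, API_URL),          // cached header names A
    noStore: corsFetch(plain, ORIGIN_B, API_URL, { noStore: true }),
    uniqueQuery: corsFetch(plain, ORIGIN_B, API_URL + '?cb=1'),
    varyOrigin: corsFetch(varied, ORIGIN_B, API_URL, { sendVary: true }),
  };
}
console.log(demo());
```

In a real page the `noStore` case corresponds to passing `cache: 'no-store'` to `fetch`; the `Vary: Origin` case requires a change on the API server rather than in the caller.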
Jun 1 2018
Thanks for filing the issue! @Reporter: Could you please provide a sample test file/URL that reproduces the issue, which will help in further triaging the issue from the TE end. Thanks!
Jun 1 2018
You can use this temporarily for reproduction:
fetch('https://hcuklmnoj4.execute-api.eu-west-1.amazonaws.com/dev/cors-test', {method:'GET', mode: 'cors'})
You need to run the code snippet on two different domains.
Jun 1 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jun 4 2018
Jun 4 2018
Comment 1 by krajshree@chromium.org, Jun 1 2018