CORS XHR request using withCredentials=true doesn't send Cookie header
Reported by
peter.mc...@gmail.com,
Dec 31
|
|||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 Example URL: Steps to reproduce the problem: 1. Go to https://cors-test.appspot.com/ and execute the following line in the developer console, to set a cookie for this domain: document.cookie = 'test=test'; 2. Go to https://test-cors.appspot.com/ and execute the following lines to send a CORS XHR request with credentials: var xhr = new XMLHttpRequest(); xhr.open('GET', 'https://cors-test.appspot.com/test', true); xhr.withCredentials = true; xhr.send(); 3. Check the network tab of the developer console for the request headers and Cookies sent in the request. What is the expected behavior? The CORS XHR request should include the following header Cookie: test=test What went wrong? No Cookie header was sent. Did this work before? N/A Chrome version: 71.0.3578.98 Channel: stable OS Version: 10 Flash Version: 1803 (Build 17134.472)
,
Dec 31
,
Jan 1
Tried testing the issue on reported chrome #71.0.3578.98 using Windows 10 by following below steps. Steps: ===== 1.Launched chrome. 2.Navigated to "https://cors-test.appspot.com/". 3.Opened Devtools>Console and executed "document.cookie = 'test=test';". 4.Navigated to "https://test-cors.appspot.com/". 5.Opened Devtools>Console and executed var xhr = new XMLHttpRequest(); xhr.open('GET', 'https://cors-test.appspot.com/test', true); xhr.withCredentials = true; xhr.send(); 6.Opened Network tab and observed "test" with type as "xhr". Attached screencast for reference. @reporter: Could you please review attached screencast and let us know if anything being missed here. Thanks.!
,
Jan 2
,
Jan 3
@ swarnasree.mukkala@chromium.org Yes, the steps are correct. But if the intention was to see if the cookie are sent, then this is missed in the very last step.
,
Jan 3
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 7
Seems OK to me in 71.0.3578.98 on Linux.
,
Jan 11
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by peter.mc...@gmail.com
, Dec 31