New issue
Advanced search Search tips

Issue 918322 link

Starred by 4 users
Status: Unconfirmed
Owner: ----
Cc:
jarhar@chromium.org
morlovich@chromium.org
swarnasree.mukkala@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

CORS XHR request using withCredentials=true doesn't send Cookie header

Reported by peter.mc...@gmail.com, Dec 31 
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Example URL:

Steps to reproduce the problem:
1. Go to https://cors-test.appspot.com/ and execute the following line in the developer console, to set a cookie for this domain:

document.cookie = 'test=test';

2. Go to https://test-cors.appspot.com/ and execute the following lines to send a CORS XHR request with credentials:

var xhr = new XMLHttpRequest();
xhr.open('GET', 'https://cors-test.appspot.com/test', true);
xhr.withCredentials = true;
xhr.send();

3. Check the network tab of the developer console for the request headers and Cookies sent in the request.

What is the expected behavior?
The CORS XHR request should include the following header
Cookie: test=test

What went wrong?
No Cookie header was sent.

Did this work before? N/A 

Chrome version: 71.0.3578.98  Channel: stable
OS Version: 10
Flash Version: 1803 (Build 17134.472)

Comment 2 by swarnasree.mukkala@chromium.org, Dec 31

Labels: Needs-Triage-M71

Comment 3 by swarnasree.mukkala@chromium.org, Jan 1

Cc: swarnasree.mukkala@chromium.org
Labels: Triaged-ET Needs-Feedback
Tried testing the issue on reported chrome #71.0.3578.98 using Windows 10 by following below steps.

Steps:
=====
1.Launched chrome.
2.Navigated to "https://cors-test.appspot.com/".
3.Opened Devtools>Console and executed "document.cookie = 'test=test';".
4.Navigated to "https://test-cors.appspot.com/".
5.Opened Devtools>Console and executed 
 var xhr = new XMLHttpRequest();
 xhr.open('GET', 'https://cors-test.appspot.com/test', true);
 xhr.withCredentials = true;
 xhr.send();
6.Opened Network tab and observed "test" with type as "xhr".

Attached screencast for reference.
@reporter: Could you please review attached screencast and let us know if anything being missed here.
Thanks.!
918322.mp4
4.0 MB View Download

Comment 5 by peter.mc...@gmail.com, Jan 3 

@ swarnasree.mukkala@chromium.org
Yes, the steps are correct. But if the intention was to see if the cookie are sent, then this is missed in the very last step.
Project Member

Comment 6 by sheriffbot@chromium.org, Jan 3

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by morlovich@chromium.org, Jan 7

Cc: morlovich@chromium.org
Components: -Internals>Network Internals>Network>Cookies
Seems OK to me in 71.0.3578.98 on Linux.

Comment 8 by swarnasree.mukkala@chromium.org, Jan 11

Cc: jarhar@chromium.org
 Issue 913260  has been merged into this issue.

Sign in to add a comment