We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Mulongo oyo etiyamaki na archive. Tuna motuna mosusu soki osengeli na lisalisi

CORS-preflight for GET-request with Authorization-header!?

  • 2 biyano
  • 1 eza na nkokoso oyo
  • 1 view
  • Eyano yasuka ya kimabrandt

kimabrandt
kimabrandt
more options

Build identifier: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 Iceweasel/40.0.3

Would you consider Firefox sending a CORS-preflight for a GET-request with an Authorization-header a bug?

Example: 

   var xhr = new XMLHttpRequest();
   xhr.open("GET", "http://localhost/", true);
   xhr.setRequestHeader("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
   xhr.send(null);

Which gives me an unexpected preflight: 

   OPTIONS XHR http://localhost/ [HTTP/1.1 200 OK 3ms]
   GET XHR http://localhost/ [HTTP/1.1 200 OK 221ms]

/Kim

Build identifier: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 Iceweasel/40.0.3 Would you consider Firefox sending a CORS-preflight for a GET-request with an Authorization-header a bug? Example: var xhr = new XMLHttpRequest(); xhr.open("GET", "http://localhost/", true); xhr.setRequestHeader("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ="); xhr.send(null); Which gives me an unexpected preflight: OPTIONS XHR http://localhost/ [HTTP/1.1 200 OK 3ms] GET XHR http://localhost/ [HTTP/1.1 200 OK 221ms] /Kim

All Replies (2)

guigs
guigs
more options

I am not getting that. I might try updating.

Ezalaki modifié na guigs

kimabrandt
kimabrandt Nkolo motuna
more options

guigs said

I am not getting that. I might try updating.

Could you delete this question? I will instead move it to one of the newsgroups.