Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

CORS-preflight for GET-request with Authorization-header!?

  • 2 fhreagra
  • 1 leis an bhfadhb seo
  • 1 view
  • Freagra is déanaí ó kimabrandt

more options

Build identifier: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 Iceweasel/40.0.3

Would you consider Firefox sending a CORS-preflight for a GET-request with an Authorization-header a bug?

Example:

   var xhr = new XMLHttpRequest();
   xhr.open("GET", "http://localhost/", true);
   xhr.setRequestHeader("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
   xhr.send(null);

Which gives me an unexpected preflight:

   OPTIONS XHR http://localhost/ [HTTP/1.1 200 OK 3ms]
   GET XHR http://localhost/ [HTTP/1.1 200 OK 221ms]

/Kim

Build identifier: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 Iceweasel/40.0.3 Would you consider Firefox sending a CORS-preflight for a GET-request with an Authorization-header a bug? Example: var xhr = new XMLHttpRequest(); xhr.open("GET", "http://localhost/", true); xhr.setRequestHeader("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ="); xhr.send(null); Which gives me an unexpected preflight: OPTIONS XHR http://localhost/ [HTTP/1.1 200 OK 3ms] GET XHR http://localhost/ [HTTP/1.1 200 OK 221ms] /Kim

All Replies (2)

more options

I am not getting that. I might try updating.

Athraithe ag guigs ar

more options

guigs said

I am not getting that. I might try updating.

Could you delete this question? I will instead move it to one of the newsgroups.