CORS-preflight for GET-request with Authorization-header!?
Build identifier: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 Iceweasel/40.0.3
Would you consider Firefox sending a CORS-preflight for a GET-request with an Authorization-header a bug?
Example:
var xhr = new XMLHttpRequest(); xhr.open("GET", "http://localhost/", true); xhr.setRequestHeader("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ="); xhr.send(null);
Which gives me an unexpected preflight:
OPTIONS XHR http://localhost/ [HTTP/1.1 200 OK 3ms] GET XHR http://localhost/ [HTTP/1.1 200 OK 221ms]
/Kim
All Replies (2)
I am not getting that. I might try updating.
Edeziri
guigs said
I am not getting that. I might try updating.
Could you delete this question? I will instead move it to one of the newsgroups.