Bug 161654
| Summary: | Fetch API fails to send Origin header on Same Origin GET requests | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Mohammed Khatib <mkhatib727> |
| Component: | WebKit2 | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | rbuis, youennf |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | |||
| Bug Blocks: | 151937 | ||
Mohammed Khatib
Safari Dev Preview seems to successfully set Origin header on these cases:
* Cross Origin GET
* Same Origin POST
* Cross Origin POST
But fails to do the same with Same Origin GET.
Firefox already successfully implements this and Chrome are working on fixing the same issue in their Fetch implementation.
https://codereview.chromium.org/2290193003/
https://bugs.chromium.org/p/chromium/issues/detail?id=641620#c2
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
youenn fablet
Thanks for filing this bug.
It seems there is consensus to add the Origin header in cors mode, which would cover XHR.
It is not very clear what happens in no-cors mode, see https://github.com/whatwg/fetch/issues/225
Rob Buis
It seems this is fixed; the relevant subtests in api/basic/request-headers.any.js pass and the chromium bug was marked as WontFix.