We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

CORS-preflight for GET-request with Authorization-header!?

  • 2 antwurd
  • 1 hat dit probleem
  • 9 werjeftes
  • Lêste antwurd fan kimabrandt

more options

Build identifier: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 Iceweasel/40.0.3

Would you consider Firefox sending a CORS-preflight for a GET-request with an Authorization-header a bug?

Example:

   var xhr = new XMLHttpRequest();
   xhr.open("GET", "http://localhost/", true);
   xhr.setRequestHeader("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
   xhr.send(null);

Which gives me an unexpected preflight:

   OPTIONS XHR http://localhost/ [HTTP/1.1 200 OK 3ms]
   GET XHR http://localhost/ [HTTP/1.1 200 OK 221ms]

/Kim

Build identifier: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 Iceweasel/40.0.3 Would you consider Firefox sending a CORS-preflight for a GET-request with an Authorization-header a bug? Example: var xhr = new XMLHttpRequest(); xhr.open("GET", "http://localhost/", true); xhr.setRequestHeader("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ="); xhr.send(null); Which gives me an unexpected preflight: OPTIONS XHR http://localhost/ [HTTP/1.1 200 OK 3ms] GET XHR http://localhost/ [HTTP/1.1 200 OK 221ms] /Kim

Alle antwurden (2)

more options

I am not getting that. I might try updating.

Bewurke troch guigs op

more options

guigs said

I am not getting that. I might try updating.

Could you delete this question? I will instead move it to one of the newsgroups.