Side navigation
#11624 closed bug (duplicate)
Opened April 23, 2012 07:22PM UTC
Closed May 05, 2012 04:08PM UTC
Last modified May 05, 2012 04:09PM UTC
CORS support: xhr.getResponseHeader('non-simple-header') returns null on Firefox even when header is one of the Access-Control-Expose-Headers.
| Reported by: | keith.donald@gmail.com | Owned by: | |
|---|---|---|---|
| Priority: | undecided | Milestone: | None |
| Component: | unfiled | Version: | 1.7.2 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
Specific use case where this was confirmed:
My site domain (e.g. domain.com) is calling my API subdomain (e.g. api.domain.name) to POST data via ajax that results in a 201 response containing a Location header value. 'Location' is not a simple header, so it is listed as required by CORS as one of the Access-Control-Expose-Headers.
The Location header value *is* accessible with jQuery via xhr.getResponseHeader('Location') on Chrome (v18) but *NOT* on Firefox (v11). On Firefox, null is consistently returned. Note I am able to access the Location header value on Firefox if I use the native XMLHttpRequest API.
I haven't had a chance to test on any other browsers.
After some investigation I see from the source that jQuery calls nativeXhr.getResponseAllHeaders() to build the header list used by jqXhr.getResponseHeader("") and that the native getResponseAllHeaders() function is completely broken on Firefox when invoked in a CORS context. So I can see how jQuery's hands are somewhat tied here, as alluded to at http://bugs.jquery.com/ticket/10338.
It might be worth adding to your documentation how to access 'non-simple-headers' since the patch you suggest only provides support for simple headers.