#15177 closed bug (cantfix)
preflight OPTIONS not sent when credentials are given as arguments to xhr.open()
Reported by: | oberhamsi | Owned by: | |
---|---|---|---|
Priority: | undecided | Milestone: | None |
Component: | ajax | Version: | 2.1.1 |
Keywords: | cors | Cc: | |
Blocked by: | Blocking: |
Description
Tested with jquery master from github and Firefox 30 and Chrome 35 beta.
The preflight OPTIONS request is not sent when credentials are specified as arguments to XMLHttpRequest.open().
Manually adding the "Authorization" header works in both browsers; i.e.: the OPTIONS request is sent before the actual response.
The point of the examples below is to demonstrate that the required OPTIONS requests is sent by the browsers in case 1) but not in case 2). Both requests fail to actually load the content because the *server's response* to the OPTIONS request is wrong.
1) OPTIONS request is correctly sent
var url = "https://test-cors.appspot.com/"; var username = "foo"; var password = "bar"; var xhr = new XMLHttpRequest(); xhr.open('GET', url, true); xhr.withCredentials = true; xhr.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password)); xhr.send();
2) OPTIONS request is *not* sent
var url = "https://test-cors.appspot.com/"; var username = "foo"; var password = "bar"; var xhr = new XMLHttpRequest(); xhr.open('GET', url, true, username, password); xhr.withCredentials = true; xhr.send();
Change History (5)
comment:1 Changed 9 years ago by
comment:2 Changed 9 years ago by
Resolution: | → cantfix |
---|---|
Status: | new → closed |
See discussion in the pull request
comment:3 Changed 9 years ago by
found a public server to make the examples work:
1) per spec: both, the preflight OPTIONS (without credentials) and the normal request (with credentials) are sent: http://jsfiddle.net/c5wS8/
2) preflight OPTIONS not sent resulting in a basicauth popup in chrome: http://jsfiddle.net/kukq8/
if this is intended behaviour, i would file a documentation bug regarding this ;)
comment:4 Changed 9 years ago by
per pullrequest discussion it now seems this is a browser bug.
could you guys please re-open this bug or the other one with the same problem: http://bugs.jquery.com/ticket/12698
or is this really not to be fixed?
pull request: https://github.com/jquery/jquery/pull/1614