179422 2017-11-08 03:15:19 -0800 [Fetch API] Missing authentication header for POST requests 2017-11-08 08:44:25 -0800 1 1 1 Unclassified WebKit WebKit API Safari 11 Mac macOS 10.12 NEW P2 Normal --- 1 Chris webkit-unassigned achristensen youennf oldest_to_newest 1369385 0 Chris 2017-11-08 03:15:19 -0800 Safari: 11.0.1 OS Version: OS X 10.12.6 URLs (if applicable) : Other browsers tested: Chrome Version 61.0.3163.100: FAIL Firefox 56.0b3 (64-bit): OK What steps will reproduce the problem? 1. use HTTP basic auth with browser handled authentication (www-authenticate) 2. make a POST request to the same origin (https) with credentials: 'include' or credentials: 'same-origin' E.G. fetch("/some-path", {headers: {"Content-Type": "application/json", Accept: "application/json"}, credentials: "same-origin", method: "POST", body: "{}"}) 3. inspect request for presence of Authorisation header What is the expected result? Expect the browser to add the Header to the outgoing request What happens instead of that? Header is not present Please provide any additional information below. Attach a screenshot if possible. I initially raised this against the spec as i wasn't sure if it was specified behaviour or not. https://github.com/whatwg/fetch/issues/628#issuecomment-342555664 However I've been advised that this is a bug in the browser and it *should* have added the header Also filed against chrome at: https://bugs.chromium.org/p/chromium/issues/detail?id=782621