Bug 167521

Summary: Cross-origin redirects with preflight should be allowed
Product: WebKit Reporter: Joey Parrish <joeyparrish>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, beidson, youennf
Priority: P2    
Version: Safari 10   
Hardware: Unspecified   
OS: All   

Joey Parrish
Reported 2017-01-27 11:37:33 PST
In August 2016, the Fetch spec was updated [1] to allow cross-origin HTTP redirects, even w/ preflight requests. All major browsers except Safari and Firefox have implemented the change. This is preventing users of Shaka Player from using HTTP redirects for load balancing [2]. Media applications that do this kind of load balancing currently cannot be run in Safari. To reproduce, simply load the repro page [3] in Safari and wait a few seconds for the request to fire. You should see "OK, status = 200", indicating that the cross-origin redirect was followed. In Safari, you see "FAILED", indicating that the redirect was not allowed by the browser. [1] https://github.com/whatwg/fetch/commit/0d9a4db8bc02251cc9e391543bb3c1322fb882f2 [2] https://github.com/google/shaka-player/issues/666 [3] http://storage.googleapis.com/shaka-demo-assets/_bugs/cors_redirect/index.html
Attachments
Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2017-01-30 12:23:36 PST
Thanks for the feedback. Have you tried in latest Safari/latest STP?
Joey Parrish
Comment 2 2017-01-30 12:26:06 PST
Sorry, no, I have not tried in anything but Safari Version 10.0.2 (12602.3.12.0.1). I will grab a WebKit nightly and see if it's fixed there.
youenn fablet
Comment 3 2017-01-30 12:27:17 PST
Safari tech preview should be good enough
Joey Parrish
Comment 4 2017-01-30 12:29:12 PST
Tested again in WebKit nightly r211339. It is working there. I should have tested that before I filed the original report. Is this a feature that could be released in an update to Safari 10? Or will it have to wait for Safari 11? Thanks!
youenn fablet
Comment 5 2017-01-30 12:38:59 PST
> Is this a feature that could be released in an update to Safari 10? Or will > it have to wait for Safari 11? Not exactly sure when this change was introduced. I would think this would be aligned with fetch API implementation. I'll close the bug. Do not hesitate to reopen it if needed.
Note You need to log in before you can comment on or make changes to this bug.