Summary: | XHR CORS on 302 Redirect sets Origin to "null" in request | ||
---|---|---|---|
Product: | WebKit | Reporter: | Terin Stock <terinjokes> |
Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
Status: | UNCONFIRMED --- | ||
Severity: | Major | CC: | abarth, achristensen, ap, bbudge, beidson, brent, micahnyc, mike, webdev, youennf |
Priority: | P2 | Keywords: | InRadar |
Version: | 528+ (Nightly build) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
See Also: |
https://bugs.webkit.org/show_bug.cgi?id=144817 https://bugs.webkit.org/show_bug.cgi?id=222653 |
Description
Terin Stock
2012-10-09 18:00:39 PDT
X-Post: Safari: rdar://problem/12466595 (http://openradar.appspot.com/radar?id=2135401) Chrome: http://openradar.appspot.com/radar?id=2135401 Here is a web page that demonstrates the problem. The second test causes a cross-origin redirect, and the new request has no 'Origin' header. http://origin-a.sigusrone.com/cors-redirect-accept-header See also: bug 112471. I've experienced this behavior with a 303 redirect as well. My site was using the S3 "Browser-Based Uploads Using POST" feature, which can optionally emit a 303 redirect once the upload is complete. http://origin-a.sigusrone.com/cors-redirect-accept-header is now working properly. Brent, have you tried recent Safari versions, like Safari Tech Preview? Would you be able to provide a reduced test case? |