Bug 161654 - Fetch API fails to send Origin header on Same Origin GET requests
Summary: Fetch API fails to send Origin header on Same Origin GET requests
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 151937
  Show dependency treegraph
 
Reported: 2016-09-06 16:20 PDT by Mohammed Khatib
Modified: 2019-06-08 01:49 PDT (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mohammed Khatib 2016-09-06 16:20:20 PDT
Safari Dev Preview seems to successfully set Origin header on these cases:

* Cross Origin GET
* Same Origin POST
* Cross Origin POST

But fails to do the same with Same Origin GET. 

Firefox already successfully implements this and Chrome are working on fixing the same issue in their Fetch implementation.
https://codereview.chromium.org/2290193003/
https://bugs.chromium.org/p/chromium/issues/detail?id=641620#c2
Comment 1 youenn fablet 2016-09-06 22:43:04 PDT
Thanks for filing this bug.

It seems there is consensus to add the Origin header in cors mode, which would cover XHR.
It is not very clear what happens in no-cors mode, see https://github.com/whatwg/fetch/issues/225
Comment 2 Rob Buis 2019-06-08 01:49:05 PDT
It seems this is fixed; the relevant subtests in api/basic/request-headers.any.js pass and the chromium bug was marked as WontFix.