Closed
Bug 1061610
Opened 10 years ago
Closed 8 years ago
Access-Control-Allow-Credentials: true not working.
Categories
(Core :: Networking: Cookies, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: renesd, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0 Build ID: 20140825202822 Steps to reproduce: Trying to set a cookie when Access-Control-Allow-Credentials:true header is returned from the server, and withCredentials is set in JavaScript land should work. It works in other browsers like Chrome. See here for an example referenced from the spec. http://arunranga.com/examples/access-control/credentialedRequest.html Click that once, and you should see a Set-Cookie: pageAccess=1; in the headers returned by the server. Click it again to see that number incremented (it's not in firefox). Actual results: It should be setting a cookie, but it is not. Expected results: It should be setting a cookie, but it is not. In other browsers it sends the header "Set-Cookie: pageAccess=2;..." on the second click.
Reporter | ||
Comment 1•10 years ago
|
||
Here is the Mozilla Developer Network page "Access-Control-Allow-Credentials" section: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#Access-Control-Allow-Credentials The "Requests with credentials" section is also relevant (this is where I found the example which is not working in Firefox): https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials
Reporter | ||
Comment 2•10 years ago
|
||
I had Settings->Privacy-> Accept-third-party cookies: never set. So this behaviour is expected. When I changed it to Always it worked again. This does break CORS for a lot of use cases however. A warning for why the Set-Cookie fails would be nice, but I guess this bug can be closed.
Updated•8 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•