Access-Control-Allow-Credentials: true not working.

RESOLVED INVALID

Status

()

RESOLVED INVALID
4 years ago
3 years ago

People

(Reporter: renesd, Unassigned)

Tracking

32 Branch
x86
Mac OS X
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0
Build ID: 20140825202822

Steps to reproduce:

Trying to set a cookie when Access-Control-Allow-Credentials:true header is returned from the server, and withCredentials is set in JavaScript land should work.  It works in other browsers like Chrome.

See here for an example referenced from the spec.
http://arunranga.com/examples/access-control/credentialedRequest.html

Click that once, and you should see a Set-Cookie: pageAccess=1; in the headers returned by the server. Click it again to see that number incremented (it's not in firefox).


Actual results:

It should be setting a cookie, but it is not.




Expected results:

It should be setting a cookie, but it is not.

In other browsers it sends the header "Set-Cookie: pageAccess=2;..." on the second click.
(Reporter)

Comment 1

4 years ago
Here is the Mozilla Developer Network page "Access-Control-Allow-Credentials" section: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#Access-Control-Allow-Credentials

The "Requests with credentials" section is also relevant (this is where I found the example which is not working in Firefox): https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials
(Reporter)

Comment 2

4 years ago
I had Settings->Privacy-> Accept-third-party cookies: never set.  So this behaviour is expected.  When I changed it to Always it worked again.  This does break CORS for a lot of use cases however.

A warning for why the Set-Cookie fails would be nice, but I guess this bug can be closed.

Updated

4 years ago
Component: Untriaged → Networking: Cookies
Product: Firefox → Core
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.