1136838 - Cors is not working on 36.0

Status: RESOLVED INCOMPLETE

(Core :: DOM: Security, defect)

Description

[pmaia]

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36

Steps to reproduce:

Make a CORS request


Actual results:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at "URL". This can be fixed by moving the resource to the same domain or enabling CORS.


Expected results:

Make the request as old versions

Comment 1

[Matthias Versen [:Matti]]

Please provide a testcase with steps to reproduce

Comment 2

[pmaia]

Hi Matthias,

Please go to qa.exceedlabs.com and try to login using an email and password. You will see the error on console.

Comment 3

[phips]

Asana also has this issue while trying to upload attachments using CORS

Comment 4

[phips]

Asana also has this issue while trying to upload attachments using CORS

Comment 5

[bjorn]

Seems related to https://bugzilla.mozilla.org/show_bug.cgi?id=1137432.

For both pmia and phips, the cross-domain requests are being made against hosts with underscores.

Have a repro that I can make available, where a cross domain requests work to S3 buckets without underscores, but fail on buckets with underscores.

Comment 6

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

This is probably being caused by bug 1136616.

Comment 7

[Christoph Kerschbaumer [:ckerschb]]

Making my way through old bugs here. Is this working again after Bug 1136616 landed? Otherwise I'll find someone to take a look at this problem.

Comment 8

[Christoph Kerschbaumer [:ckerschb]]

Closing this bug as INCOMPLETE - potentially it's not an issue anymore.