Created attachment 8904314 [details] [diff] [review] web-platform-tests patch demonstrating the issue While developer tools should certainly show CORS errors, they should continue to show what requests the browser made and the server responded with. Instead I get and no listing of a request to example.com: > Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://example.com/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). > Firefox can’t establish a connection to the server at http://web-platform.test:8000/eventsource/resources/last-event-id-leakage.py. Chrome doesn't have this problem. Found while working on https://github.com/whatwg/fetch/issues/568.
Thanks for the report! Can you please provide some steps to reproduce the problem, so we can follow and see it on our machines? Thanks, Honza
Comment on attachment 8904314 [details] [diff] [review] web-platform-tests patch demonstrating the issue If you apply the attached patch in the web-platform-tests directory you should be able to observe the problem. Alternatively you'd need to setup your own EventSource request that hits a redirect to a cross-origin resource that doesn't use CORS and then observe that the developer console doesn't give a whole lot of information about that final request.
Having an online page that we can just load and see the problem immediately would help a lot in this case. Honza
Priority: -- → P3
I tried to reproduce it with a different setup, but https://dump.testsuite.org/2017/bug1396632-2.html works fine. Not sure what's going on then.
You need to log in before you can comment on or make changes to this bug.