XHR Preflight Request not sending certificates withCredentials = true

RESOLVED INVALID

Status

()

Firefox
General
RESOLVED INVALID
8 years ago
7 years ago

People

(Reporter: Matt, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [CLOSEME 2011-1-30])

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

Using 2 way SSL - on cross domain requests that require a preflight the client certificate is not being sent to the server with the initial preflight request even though withCredentials = true was specified.  The server reports an SSL handshake exception saying that no_certificate was sent.  In FF 3.5 Firebug would show the preflight options request loading indefinitely, in FF 3.6.3 the request shows status Aborted. (non-preflight GETs/POSTs work, all preflighted requests do not POST/DELETE/PUT)


Reproducible: Always

Steps to Reproduce:
1.  Need a two SSL environment 
2.  
3.
Actual Results:  
Received status aborted on the preflight request so actual request is never sent.

Expected Results:  
Should have sent the client certificate on the preflight because with-credentials was specified on the actual XHR request.  Preflight would have returned 200 and the actual request would have been sent.
Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode? If not, please close. These links can help you in your testing.
http://support.mozilla.com/kb/Safe+Mode
http://support.mozilla.com/kb/Managing+profiles

You can also try to reproduce in Firefox 4 Beta 8 or later, there are many improvements in the new version, http://www.mozilla.com/en-US/firefox/all-beta.html
Whiteboard: [CLOSEME 2011-1-30]
(Reporter)

Comment 2

7 years ago
Actually this seems like this is expected per the latest CORS spec.  The server has to be configured to accept non ssl preflight requests.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED

Updated

7 years ago
Resolution: FIXED → INVALID
You need to log in before you can comment on or make changes to this bug.