User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/20100401 Firefox/3.6.3 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20100401 Firefox/3.6.3 Using 2 way SSL - on cross domain requests that require a preflight the client certificate is not being sent to the server with the initial preflight request even though withCredentials = true was specified. The server reports an SSL handshake exception saying that no_certificate was sent. In FF 3.5 Firebug would show the preflight options request loading indefinitely, in FF 3.6.3 the request shows status Aborted. (non-preflight GETs/POSTs work, all preflighted requests do not POST/DELETE/PUT) Reproducible: Always Steps to Reproduce: 1. Need a two SSL environment 2. 3. Actual Results: Received status aborted on the preflight request so actual request is never sent. Expected Results: Should have sent the client certificate on the preflight because with-credentials was specified on the actual XHR request. Preflight would have returned 200 and the actual request would have been sent.
Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode? If not, please close. These links can help you in your testing. http://support.mozilla.com/kb/Safe+Mode http://support.mozilla.com/kb/Managing+profiles You can also try to reproduce in Firefox 4 Beta 8 or later, there are many improvements in the new version, http://www.mozilla.com/en-US/firefox/all-beta.html
Actually this seems like this is expected per the latest CORS spec. The server has to be configured to accept non ssl preflight requests.