566878 - XHR Preflight Request not sending certificates withCredentials = true

Status: RESOLVED INVALID

(Firefox :: General, defect)

Description

[Matt]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

Using 2 way SSL - on cross domain requests that require a preflight the client certificate is not being sent to the server with the initial preflight request even though withCredentials = true was specified.  The server reports an SSL handshake exception saying that no_certificate was sent.  In FF 3.5 Firebug would show the preflight options request loading indefinitely, in FF 3.6.3 the request shows status Aborted. (non-preflight GETs/POSTs work, all preflighted requests do not POST/DELETE/PUT)


Reproducible: Always

Steps to Reproduce:
1.  Need a two SSL environment 
2.  
3.
Actual Results:  
Received status aborted on the preflight request so actual request is never sent.

Expected Results:  
Should have sent the client certificate on the preflight because with-credentials was specified on the actual XHR request.  Preflight would have returned 200 and the actual request would have been sent.

Comment 1

[Tyler Downer [He/Him]]

Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode? If not, please close. These links can help you in your testing.
http://support.mozilla.com/kb/Safe+Mode
http://support.mozilla.com/kb/Managing+profiles

You can also try to reproduce in Firefox 4 Beta 8 or later, there are many improvements in the new version, http://www.mozilla.com/en-US/firefox/all-beta.html

Comment 2

[Matt]

Actually this seems like this is expected per the latest CORS spec.  The server has to be configured to accept non ssl preflight requests.