Closed
Bug 817962
Opened 12 years ago
Closed 9 years ago
Cross Origin XMLHttpRequest can not expose "Location" header even if it is indicated in Access-Control-Expose-Headers
Categories
(Core :: DOM: Core & HTML, defect, P2)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: florin.botis, Unassigned)
References
Details
Attachments
(1 file)
814 bytes,
text/plain
|
Details |
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.238 Safari/535.1 Steps to reproduce: The following bug was found on Windows XP, Firefox 17.01 Scenario: 1. Make a XHR request to a CORS URL. 2. In the CORS preflight response (and all other server responses) the server includes next header Access-Control-Expose-Headers: Location 3. Make the actual CORS call 4. Server responds with HTTP status 201 and includes "Location" header in its response. The "Location" header can be seen using a HTTP packets sniffer. 5. jQuery's xhr.getResponseHeader("Location") returns null even if the Location header is present in the response and it is included in "Access-Control-Expose-Headers" Actual results: jQuery's xhr.getResponseHeader("Location") returns null even if the Location header is present in the response and it is included in "Access-Control-Expose-Headers" Expected results: jQuery's xhr.getResponseHeader("Location") should return the "Location" header
Reporter | ||
Updated•12 years ago
|
OS: Linux → Windows XP
Priority: -- → P2
Hardware: x86_64 → x86
Updated•12 years ago
|
Assignee: nobody → general
Component: Untriaged → JavaScript Engine
Product: Firefox → Core
Comment 1•12 years ago
|
||
This isn't a bug in JS engine.
Assignee: general → nobody
Component: JavaScript Engine → DOM
Comment 2•12 years ago
|
||
florin, can you please attach a minimized testcase to this bug report?
Flags: needinfo?(florin.botis)
Comment 3•12 years ago
|
||
http://hg.mozilla.org/mozilla-central/file/9acb9a9eaeb3/content/base/src/nsXMLHttpRequest.cpp#l1424 doesn't show me any smoking gun here. It would be good to make sure that a regular XMLHttpRequest object demonstrates the same problem without any jQuery in the way.
Reporter | ||
Comment 4•12 years ago
|
||
Yup, Seems to be a jQuery bug. I've just tested it using plain XMLHttpRequest and things look better ;) I'll report a bug to jQuery. Thanks
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Flags: needinfo?(florin.botis)
Resolution: --- → INVALID
Reporter | ||
Comment 5•12 years ago
|
||
A little update: xhr.getResponseHeader("Location") works as expected BUT xhr.getAllResponseHeaders() returns no headers. I think jQuery uses getAllResponseHeaders() method, that would explain $.ajax behavior described above. There's already a bug logged for the getAllResponseHeaders() issue: https://bugzilla.mozilla.org/show_bug.cgi?id=608735
Reporter | ||
Comment 6•12 years ago
|
||
Do you have in plan to fix https://bugzilla.mozilla.org/show_bug.cgi?id=608735 in the near future? BTW, the jQuery bug is: http://bugs.jquery.com/ticket/10338
Reporter | ||
Comment 7•12 years ago
|
||
I deployed a simple app on Heroku in order to help you reproduce the problem (http://vast-retreat-1055.herokuapp.com). The app response to a HTTP GET response is: HTTP Status 200 Headers: Content-Type:text/html Access-Control-Allow-Origin:* Access-Control-Expose-Headers:Location,Content-Length,Accept-Ranges Location:LocationHeaderValue Accept-Ranges:Accept-RangesHeaderValue In order to reproduce the bug open the attached corsBug.html in Safari 5.1.7, press "getLocationHeaderCORSCall()" button. 2 alerts will pop up : 1.The value returned by xhr.getResponseHeader("Location") 2.The value returned by xhr.getAllResponseHeaders() You can check the server response using a Web Console.
Reporter | ||
Updated•12 years ago
|
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Comment 8•12 years ago
|
||
Thanks for the testcase. Bug 608735 is fairly low priority compared to my other work at this point, but if you have any C++ experience I would be happy to guide you through fixing it.
Depends on: 608735
Comment 9•9 years ago
|
||
Presumably fixed by bug 608735.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago → 9 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•