Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XMLHttpRequest doesn't send Authorization header when withCredentials is false even if the request is same origin #1631

Open
saitonakamura opened this issue Dec 4, 2024 · 0 comments · May be fixed by #1632
Labels
bug Something isn't working

Comments

@saitonakamura
Copy link

saitonakamura commented Dec 4, 2024

Describe the bug
XMLHttpRequest doesn't send Authorization header when withCredentials is false even if the request is same origin

To Reproduce
Steps to reproduce the behavior:

  1. set url to some url http://localhost:8123
  2. call an xmlhttprequest to the same origin with withCredentials: false and Authorization header
const req = new XMLHttpRequest();
req.addEventListener("load", reqListener);
req.open("GET", "http://localhost:8123/);
req.setRequestHeader("Authorization", "Basic asdf");
req.send();
  1. Authorization header get's erased

Expected behavior
Authorization header is sent as per spec https://xhr.spec.whatwg.org/#the-withcredentials-attribute

Additional context
Add any other context about the problem here.

@saitonakamura saitonakamura added the bug Something isn't working label Dec 4, 2024
saitonakamura added a commit to saitonakamura/happy-dom that referenced this issue Dec 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
1 participant