- From: Ruben Verborgh via RT <sysreq@w3.org>
- Date: Wed, 04 Dec 2019 13:12:41 +0000
- CC: www-tag@w3.org
Dear all,
I was able to reproduce this behavior in Chrome with
fetch('http://www.w3.org/1999/02/22-rdf-syntax-ns', { headers: { special: 'special' } })
where the extra header is used to trigger the preflight request.
Firefox does not perform internal HSTS redirects;
instead it seems to simply rewrite URLs to their https: version.
So this bug seems to be caused by Chrome making the redirect explicit,
and then refusing to process its own redirect response
because the reply to a CORS preflight cannot be a redirect.
It all comes down to the question of whether to treat internal HSTS redirects
as actual redirects that need to follow the CORS rules.
Best,
Ruben
Received on Wednesday, 4 December 2019 13:12:43 UTC