fetch API: Can't add Authorization on Request Header with Chrome
Chrome version: 57.0.2987
Actually, in older Chrome version I also have this problem.
I added Authorization on Request Header with my access token,
fetch('https://example.com/endpoint', {
method: 'GET',
headers: {
'Authorization': 'Bearer ' + accesstoken
}
})
I always get Access-Control-Allow-Headers:authorization on Response Header in Chrome
Besides, My fetch is always Request Method:OPTIONS (not display GET), then Status Code is 200 OK in Chrome
But if I run the same fetch code in Firefox (ver 52.0.1 ), everything works great. I can add Authorization on Request Header correctly. It won't display Access-Control-Allow-Headers:authorization on Response Header in Firefox. It will display Authorization: Bearer accesstoken on Request header.
The server side already processed CORS for my request header..
This is a Chrome bug or my code fault? How should I do to make Authorization on Request Header correctly in Chrome?
Below image is the detail Network in Chrome dev tool:
Below image is the detail Network in Firefox dev tool:
As @stackdave said, browser send OPTIONS request before GET request when cross-domain ajax. Then browser will wait server response. My situation that the server didn't response, so browser just stop OPTIONS status. Server need to handle this issue, it's still CORS issue, not fetch api bug or issue.
- What should HTTP 201 response body be when responding to a POST request with large data?
- Java client + Apache HTTP server + GZIP Compression/Decompression
- Connect from ios device to localhost
- How to avoid a page being added to browser history when redirecting using a meta http-equiv tag?
- Best way to perform a GET request without any other libraries
- How can I respond to a POST request containing JSON data with Rocket?
- Can't figure out how to send a signed POST request to OKEx
- How to share reqwest clients in Actix-web server?
- How to solve flutter web api cors error only with dart code?
- Download and get HTML code from a website
- 401 unAuthorized response when making get request in flutter with Dio or http packages
- How to define the basic HTTP authentication using cURL correctly?
- JAVA email tracking pixel keep track of reading time
- Does Java have a complete enum for HTTP response codes?
- After Get success, why does first Angular 9 Put request succeed on MVC Core 2.2 API Controller, but fails on next PUT with http err 302 and/or 503?
- git: retry if http request failed
- Android 8: Cleartext HTTP traffic not permitted
- Open Android app from URL using intent-filter not working
- Go file server doesn't serve folder
- Why is it okay to transmit authentication/session cookies over plaintext?
- Django Rest Framework: HTTP 401 Unauthorized error
- HTTP test server accepting GET/POST requests
- GET request times for apartments.com, but website is not down
- Using Git on Windows, behind an HTTP proxy, without storing proxy password on disk
- When browser sets the "referrer" in HTTP Request header?
- How to configure Spring Security to allow GET method for everyone and restrict other methods to specific roles without much boilerplate?
- How to set status code 404 instead of 200 for 404-page in Next.js
- Delete cookie on page refresh
- Accessing the web page's HTTP Headers in JavaScript
- Setting query string using Fetch GET request