javascript rest api google-chrome ntlm-authentication

Making an API request to an NTLM authenticated server in Chrome 66


After upgrading my browser to Chrome 66, I'm having problems creating any API requests to a server which initially requires NTLM authentication. I am wondering if anyone has any explanation as to why. I presume it's something to do with the added ad blocking technology or security added to Chrome, or maybe it's a Chrome bug.

I've created a basic example below using Fetch. What happens is the user visits the site, Chrome redirects users to the API to authenticate (instead of remaining on the same site, like with previous versions of Chrome); when the user authenticates, the page goes blank and Chrome seems to disable the keyboard (I can't press cmd + w to close the tab). When I refresh this page, the API response starts showing in the browser. After the user has authenticated, they can go back to the initial page that is creating the API request and it works fine.

Does something need to be added to the headers to make this work?

Please don't just suggest using an alternative authentication method as a solution.

<html>
<head>
    <script type="text/javascript">
        fetch('https://fakeapiurl.com/api', {
            credentials: 'include'
        })
        .then(function(response) {
            return response.json();
        })
        .then(function(myJson) {
            console.log(myJson);
        });
    </script>
</head>

<body>
</body>
</html>

Solution

  • This has been reported as a bug in Chrome 66, as you suspected. I linked to your post and added my own comments there as well.

    https://bugs.chromium.org/p/chromium/issues/detail?id=843861