Reputation: 9437
fetch() fails in Firefox with SSL client authentication
I have a web server which uses SSL client authentication. A web page on that server makes a same-origin GET request using the fetch() API.
In Chrome, the client cert is sent in the SSL handshake, as expected, resulting in a 200 "ok" response. In Firefox, the cert isn't sent, resulting in a 403 "forbidden" response.
In Firefox, if I switch it from using fetch() to XMLHttpRequest, it works. If I load the same URL directly from Firefox's URL bar, it works. The problem seems limited to fetch() on Firefox.
Has anyone seen this before? Is there any way to make fetch() play well with SSL client auth in Firefox, or do I need to switch to using XMLHttpRequest everywhere? Thanks.
Upvotes: 3
Views: 2941
Answers (1)
Reputation: 9437
I just solved my own problem. This is what was failing:
fetch(someUrl)
This fixes the issue:
fetch(someUrl, { credentials: 'include' })
Apparently there's different behavior here between Chrome (v54) and Firefox (v45).
Upvotes: 8
Related Questions
- Why is this CORS request failing only in Firefox?
- Firefox is blocking fetch requests on same origin
- Fetch fails/blocked in Firefox
- Fetch API rejects with NetworkError when hosted on localhost (Firefox only)
- Firefox Can't Read Fetch Response Header
- Why does a legitimate cors request that works on Chrome fail on FireFox?
- SSL client certificate not loaded on ajax call from Firefox
- Cross-domain SSL handshake failure in Firefox using xhr, client-certificate
- XMLHttpRequest authentication not working in Firefox
- Firefox: Cross-domain requests with credentials return empty