CODEWITHSUNDEEP
javascriptasp.net-web-apifetch-api
Andrew Ault
Andrew Ault

Reputation: 579

Firefox Can't Read Fetch Response Header

I'm trying to use the fetch API to send requests in my application, and if I get a 401 Unauthorized response, I want to read the value of the WWW-Authenticate response header. This works fine on Chrome, but on Firefox, I'm unable to see the WWW-Authenticate header, even though it's included in the Access-Control-Expose-Headers header of my response.

My code:

const api = async (endpoint, fetchOptions) => {
  // fetchOptions:
  // {
  //   "credentials": "same-origin",
  //   "method": "GET",
  //   "headers": {
  //     "Accept": "application/json",
  //     "Content-Type": "application/json"
  //   }
  // }

  const response = await fetch(endpoint, fetchOptions)
    .catch(r => r)
    .then(r => { r.headers.forEach(console.log.bind(console)); return r; });

  // handle 401 errors
  if (!response.status === 401 && response.headers.has('WWW-Authenticate')) {
    const authenticate = response.headers.get('WWW-Authenticate');
    const authEndpoint = authenticate.match(/authorization_endpoint="([^"]+)/i)[1];

    window.location.href = authEndpoint;
    return;
  }
};

My request:

GET /api/login HTTP/1.1
Host: localhost:3001
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:3000/
Content-Type: application/json
Origin: http://localhost:3000
Connection: keep-alive

My response:

HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Expires: -1
Server: Microsoft-IIS/10.0
Access-Control-Allow-Origin: http://localhost:3000
Access-Control-Expose-Headers: WWW-Authenticate
WWW-Authenticate: Bearer realm="http://localhost:3001", authorization_endpoint="<oauth endpoint>"
Bearer
X-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcYXNjaW50ZXJuXFNvdXJjZVxSZXBvc1xQb3J0YWxcQVBJXFNhbXMuV2ViQXBpXGFwaVxsb2dpbg==?=
Date: Wed, 12 Jun 2019 13:37:08 GMT
Content-Length: 128

Console output:

no-cache cache-control 
application/json content-type 
-1 expires 
no-cache pragma

Does anyone know why Firefox wouldn't be able to read that response header?

Upvotes: 3

Views: 555

Answers (1)

Anne
Anne

Reputation: 7643

There's a known bug with multiple WWW-Authenticate response headers, you might be hitting that: https://bugzilla.mozilla.org/show_bug.cgi?id=1491010.

Upvotes: 2

Related Questions