However, that is not the case in my situation, I get a 200 response back, & the SPA using Axios & the API server Axios is calling are on the same subdomain & https protocol, so there should be no cross-origin issues.
Supposedly, the stripping only occurs when the browser receives a redirect to a different origin response back from the server.
Here is where I found the new settings & new behavior: It seems Firefox has implemented a new spec for the Fetch protocol which requires stripping the Authorization header in certain circumstances, & their change was too aggressive & a patch was added, but I'm still getting the problem with the patched version. Specifically, setting = false makes it work for me again, the other setting has no effect. With the Firefox 84 released, Firefox is now running natively on Apple silicon and the performance is quite impressive compared to the previous versions.
0 kommentar(er)
