Ticket #54 (closed defect: wontfix)

Opened 12 months ago

Last modified 11 months ago

Firefox 3.0.6 breaks usage of getRequestHeader('Set-Cookie')

Reported by: mcm Owned by: zeank
Priority: highest Milestone: jsjac-1.3.2
Component: jsjac Version: svn trunk
Severity: blocker Keywords:
Cc: kevbo

Description

Hi zeank,

Now you cannot get Set-Cookie headers from XHR.

See https://bugzilla.mozilla.org/show_bug.cgi?id=380418

Only from version >=3.0.6 of FF!

ciao, mic

Change History

Changed 12 months ago by mcm

I forgot to mention that the problem can be reproduced on FF 3.0.6 + ejabberd native http-poll protocol.

Changed 12 months ago by chadillac

http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.6

MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies

getRequestHeader('Set-Cookie') returns null object after 3.0.6 update in HTTP-Polling for me as well.

Changed 12 months ago by liquidx

  • priority changed from high to highest

Confirmed on windows and linux firefox 3.0.6

Anyone have a fix?

Changed 12 months ago by kevbo

  • severity changed from critical to blocker

We are desperate for a fix for this! All our firefox users are totally hosed with chat. Help!

Thx :)

Changed 12 months ago by liquidx

  • version changed from 1.3 to svn trunk

Please?

Changed 12 months ago by liquidx

Would just like to offer a small update: This problem only exists with HTTP Polling, HTTP Binding does not have the issue.

Changed 11 months ago by kevbo

  • cc kevbo added

Any updates on this? This is a huge problem for us... we've had to disable our chat service because 40% of users are FF. Any status updates? PLEASE?????????????!!!!!!!!!!!!!!!!!!!!!

Changed 11 months ago by zeank

  • status changed from new to closed
  • resolution set to wontfix

Sorry but there won't be a fix to this problem for HTTP Polling

The fix is to use HTTP Binding (aka BOSH) instead!

Note: See TracTickets for help on using tickets.