content-length header is being added to the safe-list

Fixed Issue #17440391


shachar z.
May 9, 2018
This issue is public.
Found in
  • Microsoft Edge
  • Internet Explorer
  • Chrome
  • Safari
  • Firefox
  • Opera
Fixed in build #
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

Steps to reproduce the problem:

  1. create a CORS fetch request to a url that has content-length in its response and doesn’t add content-length to access-control-expose-headers
  2. content-length should be accessible in the response’s headers

What is the expected behavior?
When doing a CORS fetch request if content-length exists in the http response it should be exposed on the response headers even if it’s not added to the access-control-expose-headers.

What went wrong?
content-length is not exposed


0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Brandon M.”

      Changed Status to “Confirmed”

      Changed Status from “Confirmed” to “In code review”

      Changed Status from “In code review” to “Fixed”

    You need to sign in to your Microsoft account to add a comment.

    Sign in