content-length header is being added to the safe-list

Issue #17440391 • Unassigned


shachar z.
May 9, 2018
This issue is public.
Found in
  • Microsoft Edge
  • Internet Explorer
  • Chrome
  • Safari
  • Firefox
  • Opera
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

Steps to reproduce the problem:

  1. create a CORS fetch request to a url that has content-length in its response and doesn’t add content-length to access-control-expose-headers
  2. content-length should be accessible in the response’s headers

What is the expected behavior?
When doing a CORS fetch request if content-length exists in the http response it should be exposed on the response headers even if it’s not added to the access-control-expose-headers.

What went wrong?
content-length is not exposed


0 attachments

    Comments and activity

    Nothing to see here! No one has commented on this issue yet.

    You need to sign in to your Microsoft account to add a comment.

    Sign in