CoreLibs icon indicating copy to clipboard operation
CoreLibs copied to clipboard
verified publisher icon AdguardTeam

Request with Authorization header is not redirected

Open AdamWr opened this issue 1 year ago • 0 comments

It seems that some request are not redirected.

Steps to reproduce:

  1. Add this rule:
||pagead2.googlesyndication.com/pagead/js/adsbygoogle.js$xmlhttprequest,redirect=googlesyndication-adsbygoogle
  1. Go to - https://example.org/
  2. In browser console run:
(() => {
  function reqListener() {
    console.log(this.responseText);
  }
  function adblock() {
    alert('Request blocked');
  }
  const req = new XMLHttpRequest();
  req.addEventListener('load', reqListener);
  req.addEventListener('error', adblock);
  req.open('GET', 'https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js');
  req.setRequestHeader('Authorization', {});
  req.send();
})();

Expected behavior

Request should be redirected.

Actual behavior

Request is blocked with error:

Access to XMLHttpRequest at 'https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js' from origin 'https://example.org' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
Screenshot

image

[!NOTE] Redirection works fine with AdGuard extension. It looks like that problem occurs when there is Authorization header.

AdGuard for Windows 7.16.0 nightly 18 (4547) (CL 1.13.115, DL 2.4.37 )

AdamWr avatar Jan 11 '24 08:01 AdamWr