reqwest icon indicating copy to clipboard operation
reqwest copied to clipboard

Published 20 hours ago verified publisher icon seanmonstar

Set-Cookie Headers Not Retained Across Redirects Within the Same Domain

Open lvillis opened this issue 1 year ago • 9 comments

Description

When making a POST request that results in a 302 redirect within the same domain, I noticed that the Set-Cookie headers from the initial response are not being retained or sent in the subsequent redirected request. According to the RFC standards, the cookies set in the initial request should be carried over to the redirected request, especially when the redirect is within the same domain.

Reproduction steps

  • Create a new Client instance.
  • Make a POST request to an endpoint that returns a 302 redirect along with Set-Cookie headers.
  • Observe that the Set-Cookie headers from the initial response are not being sent in the redirected request.

Expected behavior

The Set-Cookie headers from the initial response should be retained and sent in the redirected request when the redirect is within the same domain.

Actual behavior

The Set-Cookie headers are not being retained or sent in the redirected request.

Environment

reqwest version: 0.11

lvillis avatar Oct 21 '23 08:10 lvillis