greim greim - 1 month ago 23
Javascript Question

fetch() fails in Firefox with SSL client authentication

I have a web server which uses SSL client authentication. A web page on that server makes a same-origin

GET
request using the
fetch()
API.

In Chrome, the client cert is sent in the SSL handshake, as expected, resulting in a 200 "ok" response. In Firefox, the cert isn't sent, resulting in a 403 "forbidden" response.

In Firefox, if I switch it from using
fetch()
to
XMLHttpRequest
, it works. If I load the same URL directly from Firefox's URL bar, it works. The problem seems limited to
fetch()
on Firefox.

Has anyone seen this before? Is there any way to make
fetch()
play well with SSL client auth in Firefox, or do I need to switch to using
XMLHttpRequest
everywhere? Thanks.

Answer

I just solved my own problem. This is what was failing:

fetch(someUrl)

This fixes the issue:

fetch(someUrl, { credentials: 'include' })

I guess what threw me is the different behavior between Chrome and Firefox.