Context
XHR requests with Authorization header over HTTPS (both together) don't reach the server, using Safari (IOS and MacOS). But it works with IE, Chrome and Firefox.
We use a valid wildcard certificate, on one server it works, on the other server it doesn't.
On the web inspector of Safari, these XHRs try to get result until timeout and no errors displayed.
Test
- Authorization header + HTTPS => Not working
- Authorization header + No HTTPS (HTTP) => Works
- No authorization header + HTTPS => Works
- server1.company.com => Works
- server2.company.com=> Not working
They have both for 95% the same configuration.
If I rename "Authorization" by "MyHeader", and retrieve the bearer token with "MyHeader" token, (almost) everything works well, but we need the authorization header to make it 100% working.
Is there any info about the Safari Authorization requirements?
Is there any way to know when Safari rejects a request?
Is there a better tracking tool inside Safari to have some diagnostics inside safari authorization meganism?
Any advice/help is welcome