PLATFORM AND VERSION
OS X
OSX 10.12.5, Safari 10.1.1. We've tested on multiple machines (Safari 10.1.2 as well).
DESCRIPTION OF PROBLEM
We're migrating from a single server to AWS and have had a number of issues with CORS. We have some users with proxies, and in order to fix our proxy CORS issues, we enabled cookie forwarding in CloudFront and added withCredentials=true to all of our XHR requests.
Unfortunately, Safari does not like this (in fact, adding withCredentials=true seems to cause CORS issues even outside of the proxy).
Origin [REDACTED] is not allowed by Access-Control-Allow-Origin
Failed to load resource: Origin [REDACTED] is not allowed by Access-Control-Allow-Origin
XMLHttpRequest cannot load [REDACTED, CDN] due to access control checks.
Is there anything known about Safari, S3, and CORS issues that may help us here? Our CORS policy has the redacted origin above listed as an allowed origin, so I'm not sure what is happening here (or why withCredentials=true is causing a problem when we are outside of the proxy). Please note that in Safari, withCredentials=true causes issues when using the proxy as well. Chrome, Firefox and Internet Explorer do not seem to have issues.