CORS problem only over https Safari 11.0.3

Platforms

Tested on macOS High Sierra v10.13.3

Safari v11.0.3


Description

This problem doesn't occur neither on Chrome nor Firefox. It doesn't occur on Safari over HTTP neither.

It affects only POST requests (GET and OPTIONS works fine) on Safari over HTTPS.


[Error] Origin [origin] is not allowed by Access-Control-Allow-Origin.

[Error] Failed to load resource: Origin [origin] is not allowed by Access-Control-Allow-Origin.

[Error] XMLHttpRequest cannot load [apiURL] due to access control checks.


The preflight OPTIONS request is following:


Request Headers

Name: Value
Referer: [referer]
Access-Control-Request-Headers: content-type
Origin: [referer]
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0.3 Safari/604.5.6
Accept: */
Access-Control-Request-Method: POST

Response Headers

Name: Value
Age: 0
Server: nginx/1.6.0
Date: Tue, 06 Feb 2018 09:56:50 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name
Access-Control-Request-Method: GET,POST,OPTIONS
Accept-Ranges: bytes
X-Varnish: 2033664925
Via: 1.1 varnish
X-Cache: MISS


The POST request seems not to be sent at all: https://imgur.com/a/t78Pj


As written before - it works good on Safari over HTTP and it also works on another browsers both over HTTP and HTTPS.

The only problem is with Safari over HTTPS with POST request.

GET requests works fine too..😕

Does Safari have any special restrictions or something? What could be a problem?

I have the same or very similar issue after updating Safari to 11.1. Did you managed to solve this?

The Problem remain in Safari 12.0.3. Is there a solution?

same issue on the Safari of iOS 14.1
Does this issue still reproduce in Safari on iOS 14 or Safari 14 on macOS?
Yes, this problem persists on Safari Version 14.0.3 (16610.4.3.1.4), Big Sur 11.2.1.
This problem still persists on Safari Version 14.1 (Mac OS Big Sur version 11.3.1).

Error:
XMLHttpRequest cannot load "<REST API URL to different domain>" due to access control checks

(works fine in all other browsers in the market)

Still an issue in Safari 15

Dear team,

I was spending 4-5 hour for this but still can't fix its working before one month but now its stopped working safari version is 15.0 operating system is BIG SUR 11.6 . if any solution for this please update . thanks in advance.

Thanks.

I believe this is intentional. At this link https://www.chromium.org/Home/chromium-security/extension-content-script-fetches/ you can see that chromium is facing it out due to security concerns. You may be able to make a request through your background script instead? Not sure haven't tried it yet

CORS problem only over https Safari 11.0.3
 
 
Q