Tested on macOS High Sierra v10.13.3
This problem doesn't occur neither on Chrome nor Firefox. It doesn't occur on Safari over HTTP neither.
It affects only POST requests (GET and OPTIONS works fine) on Safari over HTTPS.
[Error] Origin [origin] is not allowed by Access-Control-Allow-Origin.
[Error] Failed to load resource: Origin [origin] is not allowed by Access-Control-Allow-Origin.
[Error] XMLHttpRequest cannot load [apiURL] due to access control checks.
The preflight OPTIONS request is following:
Name: Value Referer: [referer] Access-Control-Request-Headers: content-type Origin: [referer] User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0.3 Safari/604.5.6 Accept: */ Access-Control-Request-Method: POST
Name: Value Age: 0 Server: nginx/1.6.0 Date: Tue, 06 Feb 2018 09:56:50 GMT Content-Length: 0 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type, X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name Access-Control-Request-Method: GET,POST,OPTIONS Accept-Ranges: bytes X-Varnish: 2033664925 Via: 1.1 varnish X-Cache: MISS
The POST request seems not to be sent at all: https://imgur.com/a/t78Pj
As written before - it works good on Safari over HTTP and it also works on another browsers both over HTTP and HTTPS.
The only problem is with Safari over HTTPS with POST request.
GET requests works fine too..😕
Does Safari have any special restrictions or something? What could be a problem?