CORS problem only over https Safari 11.0.3

Safari & Web General
alesz
alesz OP
Created Feb ’18
Replies 9
Boosts 0
Views 28k
Participants 10

Platforms

Tested on macOS High Sierra v10.13.3

Safari v11.0.3


Description

This problem doesn't occur neither on Chrome nor Firefox. It doesn't occur on Safari over HTTP neither.

It affects only POST requests (GET and OPTIONS works fine) on Safari over HTTPS.


[Error] Origin [origin] is not allowed by Access-Control-Allow-Origin.

[Error] Failed to load resource: Origin [origin] is not allowed by Access-Control-Allow-Origin.

[Error] XMLHttpRequest cannot load [apiURL] due to access control checks.


The preflight OPTIONS request is following:


Request Headers

Name: Value
Referer: [referer]
Access-Control-Request-Headers: content-type
Origin: [referer]
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0.3 Safari/604.5.6
Accept: */
Access-Control-Request-Method: POST

Response Headers

Name: Value
Age: 0
Server: nginx/1.6.0
Date: Tue, 06 Feb 2018 09:56:50 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name
Access-Control-Request-Method: GET,POST,OPTIONS
Accept-Ranges: bytes
X-Varnish: 2033664925
Via: 1.1 varnish
X-Cache: MISS


The POST request seems not to be sent at all: https://imgur.com/a/t78Pj


As written before - it works good on Safari over HTTP and it also works on another browsers both over HTTP and HTTPS.

The only problem is with Safari over HTTPS with POST request.

GET requests works fine too..😕

Does Safari have any special restrictions or something? What could be a problem?

Replies  9
Boosts  0
Views  28k
Participants  10
p0sera
p0sera OP
Apr ’18

I have the same or very similar issue after updating Safari to 11.1. Did you managed to solve this?

1
lileywebdesign
lileywebdesign OP
Mar ’19

The Problem remain in Safari 12.0.3. Is there a solution?

1
QuanZ
QuanZ OP
Nov ’20
same issue on the Safari of iOS 14.1
0
Apple Staff, Frameworks Engineer
Frameworks Engineer OP
Apple
Nov ’20
Does this issue still reproduce in Safari on iOS 14 or Safari 14 on macOS?
0
George_Lippert
George_Lippert OP
Feb ’21
Yes, this problem persists on Safari Version 14.0.3 (16610.4.3.1.4), Big Sur 11.2.1.
0
vishpatel
vishpatel OP
May ’21
This problem still persists on Safari Version 14.1 (Mac OS Big Sur version 11.3.1).

Error:
XMLHttpRequest cannot load "<REST API URL to different domain>" due to access control checks

(works fine in all other browsers in the market)

1
kbroomall
kbroomall OP
Oct ’21

Still an issue in Safari 15

0
ibrandox
ibrandox OP
Nov ’21

Dear team,

I was spending 4-5 hour for this but still can't fix its working before one month but now its stopped working safari version is 15.0 operating system is BIG SUR 11.6 . if any solution for this please update . thanks in advance.

Thanks.

0
jeffreykozik
jeffreykozik OP
Feb ’22

I believe this is intentional. At this link https://www.chromium.org/Home/chromium-security/extension-content-script-fetches/ you can see that chromium is facing it out due to security concerns. You may be able to make a request through your background script instead? Not sure haven't tried it yet

0
CORS problem only over https Safari 11.0.3
First post date Last post date
 
 
Q