CORS problem only over https Safari 11.0.3

Platforms

Tested on macOS High Sierra v10.13.3

Safari v11.0.3


Description

This problem doesn't occur neither on Chrome nor Firefox. It doesn't occur on Safari over HTTP neither.

It affects only POST requests (GET and OPTIONS works fine) on Safari over HTTPS.


[Error] Origin [origin] is not allowed by Access-Control-Allow-Origin.

[Error] Failed to load resource: Origin [origin] is not allowed by Access-Control-Allow-Origin.

[Error] XMLHttpRequest cannot load [apiURL] due to access control checks.


The preflight OPTIONS request is following:


Request Headers

Name: Value
Referer: [referer]
Access-Control-Request-Headers: content-type
Origin: [referer]
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0.3 Safari/604.5.6
Accept: */
Access-Control-Request-Method: POST

Response Headers

Name: Value
Age: 0
Server: nginx/1.6.0
Date: Tue, 06 Feb 2018 09:56:50 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name
Access-Control-Request-Method: GET,POST,OPTIONS
Accept-Ranges: bytes
X-Varnish: 2033664925
Via: 1.1 varnish
X-Cache: MISS


The POST request seems not to be sent at all: https://imgur.com/a/t78Pj


As written before - it works good on Safari over HTTP and it also works on another browsers both over HTTP and HTTPS.

The only problem is with Safari over HTTPS with POST request.

GET requests works fine too..😕

Does Safari have any special restrictions or something? What could be a problem?

Up vote post of alesz Down vote post of alesz
26k views
Posted by
alesz
Reply
Add a Comment

Replies

I have the same or very similar issue after updating Safari to 11.1. Did you managed to solve this?

Posted by
p0sera
Post not yet marked as solved Up vote reply of p0sera Down vote reply of p0sera
Add a Comment

The Problem remain in Safari 12.0.3. Is there a solution?

Posted by
lileywebdesign
Post not yet marked as solved Up vote reply of lileywebdesign Down vote reply of lileywebdesign
Add a Comment
same issue on the Safari of iOS 14.1
Posted by
QuanZ
Up vote reply of QuanZ Down vote reply of QuanZ
Add a Comment
Does this issue still reproduce in Safari on iOS 14 or Safari 14 on macOS?
Posted by
Developer Tools Engineer
Up vote reply of Developer Tools Engineer Down vote reply of Developer Tools Engineer
Add a Comment
Yes, this problem persists on Safari Version 14.0.3 (16610.4.3.1.4), Big Sur 11.2.1.
Posted by
George_Lippert
Up vote reply of George_Lippert Down vote reply of George_Lippert
Add a Comment
This problem still persists on Safari Version 14.1 (Mac OS Big Sur version 11.3.1).

Error:
XMLHttpRequest cannot load "<REST API URL to different domain>" due to access control checks

(works fine in all other browsers in the market)

Posted by
vishpatel
Post not yet marked as solved Up vote reply of vishpatel Down vote reply of vishpatel
Add a Comment

Still an issue in Safari 15

Posted by
kbroomall
Up vote reply of kbroomall Down vote reply of kbroomall
Add a Comment

Dear team,

I was spending 4-5 hour for this but still can't fix its working before one month but now its stopped working safari version is 15.0 operating system is BIG SUR 11.6 . if any solution for this please update . thanks in advance.

Thanks.

Posted by
ibrandox
Up vote reply of ibrandox Down vote reply of ibrandox
Add a Comment

I believe this is intentional. At this link https://www.chromium.org/Home/chromium-security/extension-content-script-fetches/ you can see that chromium is facing it out due to security concerns. You may be able to make a request through your background script instead? Not sure haven't tried it yet

Posted by
jeffreykozik
Up vote reply of jeffreykozik Down vote reply of jeffreykozik
Add a Comment