CORS problem only over https Safari 11.0.3


Tested on macOS High Sierra v10.13.3

Safari v11.0.3


This problem doesn't occur neither on Chrome nor Firefox. It doesn't occur on Safari over HTTP neither.

It affects only POST requests (GET and OPTIONS works fine) on Safari over HTTPS.

[Error] Origin [origin] is not allowed by Access-Control-Allow-Origin.

[Error] Failed to load resource: Origin [origin] is not allowed by Access-Control-Allow-Origin.

[Error] XMLHttpRequest cannot load [apiURL] due to access control checks.

The preflight OPTIONS request is following:

Request Headers

Name: Value
Referer: [referer]
Access-Control-Request-Headers: content-type
Origin: [referer]
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0.3 Safari/604.5.6
Accept: */
Access-Control-Request-Method: POST

Response Headers

Name: Value
Age: 0
Server: nginx/1.6.0
Date: Tue, 06 Feb 2018 09:56:50 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name
Access-Control-Request-Method: GET,POST,OPTIONS
Accept-Ranges: bytes
X-Varnish: 2033664925
Via: 1.1 varnish
X-Cache: MISS

The POST request seems not to be sent at all:

As written before - it works good on Safari over HTTP and it also works on another browsers both over HTTP and HTTPS.

The only problem is with Safari over HTTPS with POST request.

GET requests works fine too..😕

Does Safari have any special restrictions or something? What could be a problem?

Post not yet marked as solved Up vote post of alesz Down vote post of alesz


I have the same or very similar issue after updating Safari to 11.1. Did you managed to solve this?

The Problem remain in Safari 12.0.3. Is there a solution?

same issue on the Safari of iOS 14.1
Does this issue still reproduce in Safari on iOS 14 or Safari 14 on macOS?
Yes, this problem persists on Safari Version 14.0.3 (16610., Big Sur 11.2.1.
This problem still persists on Safari Version 14.1 (Mac OS Big Sur version 11.3.1).

XMLHttpRequest cannot load "<REST API URL to different domain>" due to access control checks

(works fine in all other browsers in the market)

Still an issue in Safari 15

Dear team,

I was spending 4-5 hour for this but still can't fix its working before one month but now its stopped working safari version is 15.0 operating system is BIG SUR 11.6 . if any solution for this please update . thanks in advance.