CORS request not working in Safari

39

I am making a CORS XHR request. This works fine in Chrome, however when I run it in Safari I get a 'Can not load ---- access not allowed by Access-control-allow-origin'. The code is exactly the same and I have set the CORS on the server. Below is my code (it has access control, but you are free to try without the accessToken).

    var water;
    var req = new XMLHttpRequest();
    req.overrideMimeType("application/json");
    req.open('GET', 'https://storage.googleapis.com/fflog/135172watersupplies_json', true);
    // A custom Authorization header makes the browser send an OPTIONS preflight first
    req.setRequestHeader('Authorization', 'Bearer ' + accessToken);
    origThis = this;
    var target = this;
    req.onload = function() {
        water = req;
    };
    req.send(null);

After looking at the request headers I see that an OPTIONS request is made first and this is the request that is not allowed. The origin header is not included in the response in Safari, but is in Chrome. What would cause this? Any help would be greatly appreciated.

UPDATE:
I have tried in Safari for Windows and it works, so I'm not sure what is going on here. The Mac that I am using is a remote access (Macincloud.com), but I don't think that would have anything to do with it.

javascript safari xmlhttprequest cors

edited May 29 '13 at 22:15 by Patrick
asked May 29 '13 at 22:03 by Patrick

10 Answers

0

Try to remove override mimetype.

    // Parse the JSON body once the request has loaded
    var jsonhandler = function () {
        var data = JSON.parse(this.response);
        console.log(data);
    };
    var req = new XMLHttpRequest();
    req.open('GET', 'https://storage.googleapis.com/fflog/135172watersupplies_json');
    req.setRequestHeader('Authorization', 'Bearer ' + accessToken);
    req.onload = jsonhandler;
    req.send();

• did not work for me...
  – Patrick
  Jun 7 '13 at 16:54

0

When I query your URL I'm getting back the following Access-Control headers:

    Access-Control-Allow-Origin: *
    Access-Control-Expose-Headers: Authorization, Cache-Control, Content-Length, Date, Expires, Server, Transfer-Encoding, x-goog-meta-foo1

I suspect it has something to do with your Access-Control headers - either you're leaving something out, or being too specific.

Given that you're actually sending a custom header, you may want to try:

    Access-Control-Allow-Headers: *

You could also see if leaving out Access-Control-Expose-Headers makes a difference.

Beyond that, it would actually be helpful to see the actual request / response headers.

• Access-Control-Allow-Headers doesn't allow wildcard, it has to be an exact match - w3.org/TR/cors/#access-control-allow-headers-response-header
  – Jérémy F.
  Oct 15 '14 at 23:31

0

When I try

    curl -v -X OPTIONS \
      -H 'Origin: fflog.storage.googleapis.com' \
      -H 'Access-Control-Request-Method: GET' \
      https://storage.googleapis.com/fflog/135172watersupplies_json

I get, among other headers:

    Access-Control-Allow-Origin: *

When I execute AJAX requests against https://storage.googleapis.com/fflog/135172watersupplies_json from Safari 6.0.4 on Mac OS 10.8.3 I get 403 errors, but they do all execute.

So I can only guess that you are trying to send a credentialed request for which a wildcard Access-Control-Allow-Origin is not allowed.

• Thanks for the post, but to really test CORS with cURL you need to set the origin header to simulate the browser environment.
  – Patrick
  Jun 9 '13 at 21:36

0

As for Amazon S3, it only worked in Safari after I added more allowed headers, Content-Type and Range. One of these did the job.

    <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
      <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
        <AllowedHeader>Origin</AllowedHeader>
        <AllowedHeader>X-Requested-With</AllowedHeader>
        <AllowedHeader>Content-Type</AllowedHeader>
        <AllowedHeader>Range</AllowedHeader>
      </CORSRule>
    </CORSConfiguration>

0

I had the same problem where CORS worked in Chrome, but threw an origin error in Safari. Turned out it was a Kerberos authorization issue. When I loaded the XHR URL directly in Safari, I was prompted for credentials. After entering them, I returned to the original site, and Safari no longer had the CORS error.

0

In my case, it was an issue with the Accept-Language header. I have added Accept-Language inside Access-Control-Allow-Headers and it got resolved.

40

I encountered the same error when making an XHR request against a file in Amazon S3. On Safari 7 it was failing. I know you're not using Amazon S3, but I thought I'd post in case this solution helped others.

The problem was that Safari 7 set the Access-Control-Request-Headers header to "origin, x-requested-with", but my AWS CORS configuration only allowed "x-requested-with":

    <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
      <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
        <AllowedHeader>x-requested-with</AllowedHeader>
      </CORSRule>
    </CORSConfiguration>

I added "origin" as an allowed header and everything worked fine.

    <AllowedHeader>origin</AllowedHeader>

Note: the AllowedOrigin of * is for development purposes only. See @andes comment below for more information.

edited Feb 11 '15 at 16:15
answered Apr 7 '14 at 22:29 by Seth

• Thank you very much, Seth. You're a lifesaver :P
  – leods92
  Jun 18 '14 at 3:42

• I know we're not supposed to say "Thanks" but holy crap I've been battling this thing with Safari for a long time! That did the trick!
  – teewuane
  Nov 27 '14 at 1:16

• 5
  If you're following this example, please note that using * for AllowedOrigin is really meant for dev environments - you should use a white list in production, for most use cases. Here's an example for implementing a whitelist: github.com/monsur/CORSinAction/blob/master/ch07/listing-7.1/…
  – andes
  Feb 11 '15 at 16:12
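
Added example, not part of the original answers or comments: a simplified model of the server-side preflight check, showing why the rule first posted in the answer above rejects a preflight whose Access-Control-Request-Headers is "origin, x-requested-with", and how an origin allow list (as the last comment recommends) differs from `*`. The function names, the rule object layout and the `example.test` origins are assumptions for illustration; this is not S3's implementation.

```javascript
// Added example: simplified model of a server-side CORS preflight check.
// Rule fields mirror the CORSRule elements quoted in the answer; the function
// names, object layout and *.example.test origins are assumptions.

// "origin, X-Requested-With" -> ["origin", "x-requested-with"]
function parseHeaderList(value) {
  return (value || '')
    .split(',')
    .map((name) => name.trim().toLowerCase())
    .filter((name) => name.length > 0);
}

// In this model a denied preflight carries no Access-Control-Allow-* headers,
// so the browser blocks the real request.
function deny(reason, rejectedHeaders) {
  return { allowed: false, reason, rejectedHeaders, responseHeaders: {} };
}

function evaluatePreflight(rule, preflight) {
  const wildcard = rule.allowedOrigins.includes('*');
  if (!preflight.origin || (!wildcard && !rule.allowedOrigins.includes(preflight.origin))) {
    return deny('origin not allowed', []);
  }
  if (!rule.allowedMethods.includes(preflight.requestMethod)) {
    return deny('method not allowed', []);
  }
  // Every name in Access-Control-Request-Headers must be allowed
  // (case-insensitive); one unlisted name fails the whole preflight.
  const allowed = rule.allowedHeaders.map((name) => name.toLowerCase());
  const requested = parseHeaderList(preflight.requestHeaders);
  const rejected = requested.filter((name) => !allowed.includes(name));
  if (rejected.length > 0) {
    return deny('header not allowed', rejected);
  }
  const responseHeaders = {
    // With an allow list, echo the one matching origin instead of "*".
    'Access-Control-Allow-Origin': wildcard ? '*' : preflight.origin,
    'Access-Control-Allow-Methods': rule.allowedMethods.join(', '),
    'Access-Control-Max-Age': String(rule.maxAgeSeconds),
  };
  if (requested.length > 0) {
    responseHeaders['Access-Control-Allow-Headers'] = requested.join(', ');
  }
  if (!wildcard) {
    // The response depends on the Origin request header, so caches must key on it.
    responseHeaders['Vary'] = 'Origin';
  }
  return { allowed: true, reason: 'ok', rejectedHeaders: [], responseHeaders };
}

// Rule as first posted in the answer: "origin" is not an allowed header.
const originalRule = {
  allowedOrigins: ['*'],
  allowedMethods: ['GET'],
  allowedHeaders: ['Authorization', 'x-requested-with'],
  maxAgeSeconds: 3000,
};
// Rule after the fix described in the answer.
const fixedRule = {
  ...originalRule,
  allowedHeaders: [...originalRule.allowedHeaders, 'origin'],
};
// Production variant suggested in the comments: explicit allow list (constructed origin).
const allowListRule = { ...fixedRule, allowedOrigins: ['https://app.example.test'] };

// Constructed preflights. The Safari 7 header list is the one quoted in the answer.
const safari7Preflight = {
  origin: 'https://app.example.test',
  requestMethod: 'GET',
  requestHeaders: 'origin, x-requested-with',
};
const otherBrowserPreflight = { ...safari7Preflight, requestHeaders: 'x-requested-with' };
const foreignOriginPreflight = { ...safari7Preflight, origin: 'https://other.example.test' };

// One summary line per case, so the differences are visible side by side.
function runDemo() {
  const cases = [
    ['original rule, other browser', originalRule, otherBrowserPreflight],
    ['original rule, Safari 7', originalRule, safari7Preflight],
    ['fixed rule, Safari 7', fixedRule, safari7Preflight],
    ['allow list, listed origin', allowListRule, safari7Preflight],
    ['allow list, foreign origin', allowListRule, foreignOriginPreflight],
  ];
  return cases.map(([label, rule, preflight]) => {
    const result = evaluatePreflight(rule, preflight);
    const detail = result.allowed
      ? 'allowed, ACAO=' + result.responseHeaders['Access-Control-Allow-Origin']
      : 'denied, ' + result.reason + ' [' + result.rejectedHeaders.join(', ') + ']';
    return label + ': ' + detail;
  });
}

console.log(runDemo().join('\n'));
```
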


















5

Thanks for all the responses, I got this finally myself. I added 'Origin' to my responseHeaders and works fine now.

answered Jun 9 '13 at 22:11 by Patrick

• 25
  Could you elaborate a bit about the response.
  – Sohaib
  Oct 7 '15 at 9:54

• 1
  Which kind of header? And where to put it? Can you please add the exact steps with code?
  – Umesh Patadiya
  Dec 21 '18 at 12:49

3

I just had a similar problem, CORS error. It would work in Firefox & Chrome but not Safari 10.

Turned out we needed to put the trailing slash on the JSON URL.

answered Oct 5 '16 at 13:25 by William Macdonald

• 1
  no effect for me...
  – kfn
  Jul 25 '18 at 10:03

• this worked for me. Thanks.
  – Suraj Air
  Nov 19 '18 at 5:39

                0






                For CORS request you should be using your origin fflog.storage.googleapis.com. If you use common storage.googleapis.com origin, any site can access to your bucket.



                have try try remove overrideMimeType? If you set mime type, it will return correctly.



                I also have problem with Safari POST request, but no answer yet. GET is OK.






                share|improve this answer












                For CORS request you should be using your origin fflog.storage.googleapis.com. If you use common storage.googleapis.com origin, any site can access to your bucket.



                have try try remove overrideMimeType? If you set mime type, it will return correctly.



                I also have problem with Safari POST request, but no answer yet. GET is OK.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered May 30 '13 at 8:22









                Kyaw Tun













                • I did try and it did not work...also tried the other url with no luck :/
                  – Patrick
                  Jun 7 '13 at 16:56





























                0














                Try to remove overrideMimeType.

                // Parse the JSON body once the request has loaded.
                var jsonhandler = function () {
                  var data = JSON.parse(this.response);
                  console.log(data);
                };
                var req = new XMLHttpRequest();
                req.open('GET', 'https://storage.googleapis.com/fflog/135172watersupplies_json');
                // accessToken is the bearer token from the question's code.
                req.setRequestHeader('Authorization', 'Bearer ' + accessToken);
                req.onload = jsonhandler;
                req.send();





                answered Jun 6 '13 at 11:59









                cocco













                • did not work for me...
                  – Patrick
                  Jun 7 '13 at 16:54





























                0














                When I query your URL I'm getting back the following Access-Control headers:



                Access-Control-Allow-Origin: *
                Access-Control-Expose-Headers: Authorization, Cache-Control, Content-Length, Date, Expires, Server, Transfer-Encoding, x-goog-meta-foo1


                I suspect it has something to do with your Access-Control headers - either you're leaving something out, or being too specific.



                Given that you're actually sending a custom header, you may want to try:



                Access-Control-Allow-Headers: *


                You could also see if leaving out Access-Control-Expose-Headers makes a difference.



                Beyond that, it would actually be helpful to see the actual request / response headers.






                answered Jun 9 '13 at 21:50









                Luke













                • Access-Control-Allow-Headers doesn't allow wildcard, it has to be an exact match - w3.org/TR/cors/#access-control-allow-headers-response-header
                  – Jérémy F.
                  Oct 15 '14 at 23:31

































                0














                When I try



                curl -v -X OPTIONS \
                  -H 'Origin: fflog.storage.googleapis.com' \
                  -H 'Access-Control-Request-Method: GET' \
                  https://storage.googleapis.com/fflog/135172watersupplies_json


                I get, among other headers:



                Access-Control-Allow-Origin: *


                When I execute AJAX requests against https://storage.googleapis.com/fflog/135172watersupplies_json from Safari 6.0.4 on Mac OS 10.8.3 I get 403 errors, but they do all execute.



                So I can only guess that you are trying to send a credentialed request for which a wildcard Access-Control-Allow-Origin is not allowed.






                edited Jun 9 '13 at 22:00

























                answered Jun 5 '13 at 5:24









                Old Pro













                • Thanks for the post, but to really test CORS with cURL you need to set the Origin header to simulate the browser environment.
                  – Patrick
                  Jun 9 '13 at 21:36





























                0














                As for Amazon S3, it only worked in Safari after I added more allowed headers, Content-Type and Range. One of these did the job.

                <?xml version="1.0" encoding="UTF-8"?>
                <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
                  <CORSRule>
                    <AllowedOrigin>*</AllowedOrigin>
                    <AllowedMethod>GET</AllowedMethod>
                    <AllowedMethod>POST</AllowedMethod>
                    <MaxAgeSeconds>3000</MaxAgeSeconds>
                    <AllowedHeader>Authorization</AllowedHeader>
                    <AllowedHeader>Origin</AllowedHeader>
                    <AllowedHeader>X-Requested-With</AllowedHeader>
                    <AllowedHeader>Content-Type</AllowedHeader>
                    <AllowedHeader>Range</AllowedHeader>
                  </CORSRule>
                </CORSConfiguration>





                    answered Feb 3 '17 at 19:12









                    Edhowler
























                        0














                        I had the same problem where CORS worked in Chrome, but threw an origin error in Safari. Turned out it was a Kerberos authorization issue. When I loaded the XHR URL directly in Safari, I was prompted for credentials. After entering them, I returned to the original site, and Safari no longer had the CORS error.






                            answered Apr 18 '18 at 17:55









                            Seth Moore
























                                0














                                In my case, it was an issue with the Accept-Language header. I added Accept-Language to Access-Control-Allow-Headers and it got resolved.






                                    answered Nov 12 '18 at 13:06









                                    deen

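The answers above turn on how a browser judges the reply to the OPTIONS preflight: whether `Authorization` is listed in Access-Control-Allow-Headers, and whether a wildcard origin is acceptable for a credentialed request. The following is an added example, not code from any of the posts: a simplified model of those checks following the current Fetch standard (the older W3C CORS recommendation cited in a comment above had no header wildcard at all). `checkPreflight`, `sampleRequest`, the origin `https://app.example` and the response headers are constructed for illustration.

```javascript
// Simplified model of how a browser evaluates the reply to a CORS preflight
// (after the Fetch standard). Safelisted headers are accepted regardless of
// value here; real browsers also validate the value.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language']);
const SAFE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain',
]);

// Lower-case header names so lookups are case-insensitive.
function lowerKeys(headers) {
  return Object.fromEntries(
    Object.entries(headers || {}).map(([n, v]) => [n.toLowerCase(), String(v)]));
}

// Split a comma-separated header value into lower-cased tokens.
function tokens(value) {
  return (value || '').split(',').map((t) => t.trim().toLowerCase()).filter(Boolean);
}

function isSafelisted(name, value) {
  if (SAFE_HEADERS.has(name)) return true;
  if (name !== 'content-type') return false;
  return SAFE_CONTENT_TYPES.has(value.split(';')[0].trim().toLowerCase());
}

const deny = (reason) => ({ allowed: false, reason });
// request: { origin, method, headers, withCredentials }
// response: headers of the server's reply to the OPTIONS preflight.
function checkPreflight(request, response) {
  const res = lowerKeys(response);
  const credentialed = Boolean(request.withCredentials);
  const allowOrigin = res['access-control-allow-origin'];
  if (allowOrigin === undefined) return deny('missing Access-Control-Allow-Origin');
  if (allowOrigin === '*' && credentialed) {
    return deny('wildcard origin not allowed for credentialed request');
  }
  if (allowOrigin !== '*' && allowOrigin !== request.origin) return deny('origin mismatch');
  if (credentialed && res['access-control-allow-credentials'] !== 'true') {
    return deny('missing Access-Control-Allow-Credentials: true');
  }

  const method = request.method.toUpperCase();
  const methods = tokens(res['access-control-allow-methods']);
  const anyMethod = methods.includes('*') && !credentialed;
  if (!SAFE_METHODS.has(method) && !methods.includes(method.toLowerCase()) && !anyMethod) {
    return deny(`method ${method} not allowed`);
  }

  const allowHeaders = new Set(tokens(res['access-control-allow-headers']));
  const anyHeader = allowHeaders.has('*') && !credentialed;
  for (const [name, value] of Object.entries(lowerKeys(request.headers))) {
    if (isSafelisted(name, value) || allowHeaders.has(name)) continue;
    // Authorization is never covered by "*"; it must be listed by name.
    if (anyHeader && name !== 'authorization') continue;
    return deny(`header ${name} not listed in Access-Control-Allow-Headers`);
  }
  return { allowed: true, reason: 'preflight passed' };
}

// Constructed sample: GET with a bearer token from a hypothetical origin.
const sampleRequest = {
  origin: 'https://app.example', method: 'GET',
  headers: { Authorization: 'Bearer PLACEHOLDER' }, withCredentials: false,
};

function demo() {
  const star = { 'Access-Control-Allow-Origin': '*' };
  const listed = { ...star, 'Access-Control-Allow-Headers': 'Authorization' };
  return {
    originOnly: checkPreflight(sampleRequest, star),
    wildcardHeaders: checkPreflight(sampleRequest, { ...star, 'Access-Control-Allow-Headers': '*' }),
    listedHeader: checkPreflight(sampleRequest, listed),
    credentialedStar: checkPreflight({ ...sampleRequest, withCredentials: true },
      { ...listed, 'Access-Control-Allow-Credentials': 'true' }),
  };
}

console.log(demo());
```

Feeding the function the response headers captured from a real preflight (for example from `curl -v -X OPTIONS`) shows which rule a given server configuration fails.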

















                                        protected by Samuel Liew Aug 22 '14 at 6:30


