Safari 10.1: XMLHttpRequest with query parameters cannot load due to access control checks
Solution 1
You're running into CORS issues.
Some possible causes:
- The header
Access-Control-Allow-Origin
can only be set on server side, not in your clients script. (You did not make clear you did that correctly.) - Are you sure the protocol (
http
vshttps
vs maybe evenfile
) is exactly the same? - If you may have multiple sub domains you need to setup your config (e.g. Apache) with something like
"^http(s)?://(.+\.)?test\.com$
.
The^
marks the start of the line to prevent anything preceeding this url. You need a protocol and allowing both here. A subdomain is optional. And the$
marks the end of line (you don't need to set sub-pages, because origin is only host based). - As stated here adding
Access-Control-Allow-Headers: Origin
to the server configuration as well may be a solution. Try to compare the actual requests made my Safari to the successfull requests done by Firefox or Chrome to spot possible missing Headers as well (and maybe compare them to your server configuration as well).
Solution 2
If anyone comes across this error, it just occurred in the application I was building. In my case, it turned out to be a trailing / in the uri, which caused a 301 response, which was for some reason interpreted by Safari as a 500 response.
Solution 3
Trying following might work -
Access-Control-Allow-Origin: <origin> | *
Solution 4
The problem is because it is necessary to be more specific in the data of the cors this does not happen in the other operating systems that do interpret it
This one worked for me for a back in php
header ("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method");
header ("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
header ("Allow: GET, POST, OPTIONS, PUT, DELETE");
$ method = $ _SERVER ['REQUEST_METHOD'];
if ($ method == "OPTIONS") {
die ();
}
Marius
Updated on July 30, 2021Comments
-
Marius almost 3 years
When trying a
CORS request
onSafari 10.1
, on an URL which includes query parameters (e.g. https://example.com/api?v=1), Safari saysXMLHttpRequest cannot load due to access control checks
Chrome/Firefox works fine.
On requests from the page without the
?v=1
, Safari works fine too.I tried changing the server response header from
Access-Control-Allow-Origin: https://example.com
to
Access-Control-Allow-Origin: https://example.com/api?v=1
but that breaks Chrome.
Any suggestions?
-
Gone3d almost 5 yearswhere do you add/change that
-
mdeora almost 4 yearsYou need to add it in the response headers.
-
Haneen Mahdin almost 2 yearsthis didn't work for me! I had to replace the <origin> with just '*' to make it work.