98838 2012-10-09 18:00:39 -0700 XHR CORS on 302 Redirect sets Origin to "null" in request 2021-03-03 09:48:21 -0800 1 1 1 Unclassified WebKit Page Loading 528+ (Nightly build) Unspecified Unspecified UNCONFIRMED https://bugs.webkit.org/show_bug.cgi?id=144817 https://bugs.webkit.org/show_bug.cgi?id=222653 InRadar P2 Major --- 0 terinjokes webkit-unassigned abarth achristensen ap bbudge beidson brent micahnyc mike webdev youennf oldest_to_newest 738386 0 terinjokes 2012-10-09 18:00:39 -0700 Chrome Version : 24.0.1284.2 dev Safari Version : 6.0.1 (8536.26.14) Other browsers tested: Add OK or FAIL after other browsers where you have tested this issue: Firefox 15.x: OK IE 8: OK What steps will reproduce the problem? 0. Be on one domain (host: http://example.test) 1. Initiate a XHR CORS request to a resource. (host: http://test1.example.org) 2. The resource issues a 302 redirect to another resource on another domain (host: http://test2.example.org) What is the expected result? The second request (to test2.example.org) would have set the Origin to "example.test" in the request What happens instead? During the second request the Origin is set to "null" 738401 1 terinjokes 2012-10-09 18:20:14 -0700 X-Post: Safari: rdar://problem/12466595 (http://openradar.appspot.com/radar?id=2135401) Chrome: http://openradar.appspot.com/radar?id=2135401 841207 2 bbudge 2013-02-25 12:46:57 -0800 Here is a web page that demonstrates the problem. The second test causes a cross-origin redirect, and the new request has no 'Origin' header. http://origin-a.sigusrone.com/cors-redirect-accept-header 857927 3 ap 2013-03-18 22:04:42 -0700 See also: bug 112471. 1349648 4 brent 2017-09-15 23:51:45 -0700 I've experienced this behavior with a 303 redirect as well. My site was using the S3 "Browser-Based Uploads Using POST" feature, which can optionally emit a 303 redirect once the upload is complete. 1349935 5 youennf 2017-09-18 09:34:19 -0700 http://origin-a.sigusrone.com/cors-redirect-accept-header is now working properly. Brent, have you tried recent Safari versions, like Safari Tech Preview? Would you be able to provide a reduced test case?