Chrome cancels CORS XHR upon HTTP 302 redirect

by

The answers in here are mixed, hinting on certain settings in code etc. which may solve the redirect problem with CORS, but the CORS spec clearly specifies when such CORS redirects will fail/pass :
As per the spec, browsers should

  1. Allows 3XX redirect , if the request to the redirected resource doesn’t require pre-flight check (simple CORS requests without custom header for example). See https://www.w3.org/TR/cors/#simple-cross-origin-request-0

If the manual redirect flag is unset and the response has an HTTP status code of 301, 302, 303, 307, or 308
Apply the redirect steps

  1. Don’t allow 3XX redirect, if the request to redirected resource requires pre-flight check. See https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0

If the response has an HTTP status code of 301, 302, 303, 307, or 308
Apply the cache and network error steps.

I have explored various CORS scenarios in github repo: https://github.com/monmohan/cors-experiment.

This specific issue with failed redirect can also be easily reproduced in isolation by the bundle here: https://github.com/monmohan/cors-experiment/tree/master/issue

More Related Contents:

  1. How to stop CORB from blocking requests to data resources that respond with CORS headers?
  2. Since v38, Chrome extension cannot load from HTTP URLs anymore, workaround?
  3. Chrome CORS error on request to localhost dev server from remote site
  4. How to solve Chrome’s 6 connection limit when using xhr polling
  5. CORS error on request to localhost dev server from remote site
  6. Chrome not showing OPTIONS requests in Network tab
  7. Cross-origin request in a content script is blocked by CORB despite the correct CORS headers
  8. How to make a cross-origin request in a content script (currently blocked by CORB despite the correct CORS headers)?
  9. Does –disable-web-security work in Chrome?
  10. CORS issue doesn’t occur when using POSTMAN
  11. Chrome v37/38 CORS failing (again) with 401 for OPTIONS pre-flight requests
  12. Is there a way to get the XPath in Google Chrome?
  13. Manually adding a Userscript to Google Chrome
  14. Is it possible to send an array with the Postman Chrome extension?
  15. Blurry text after using CSS transform: scale(); in Chrome
  16. Why doesn’t ChromeDriver require Chrome or Chromium?
  17. Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
  18. Catching an Access-Control-Allow-Origin error in JavaScript
  19. Making HTTP Requests using Chrome Developer tools
  20. Where does Chrome store cookies?
  21. navigator.clipboard is undefined
  22. ChromeWebDriver – unknown error: Chrome failed to start: crashed
  23. getUserMedia() not supported in chrome
  24. How to search all loaded scripts in Chrome Developer Tools?
  25. Is it possible for XHR HEAD requests to not follow redirects (301 302)
  26. Understanding Chrome network log “Stalled” state
  27. Chrome version 18+: How to allow inline scripting with a Content Security Policy?
  28. rounded corners on html5 video
  29. Chrome’s remote debugging (USB debugging) not working for Samsung Galaxy S3 running android 4.3
  30. Chrome video autoplay

Leave a Comment